CVE-2007-4738

critical

Description

Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP Library (STPHPLibrary) 0.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) db_conf or (2) ADODB_DIR parameter to utils/stphpimage_show.php; or a URL in the STPHPLIB_DIR parameter to (3) stphpbutton.php, (4) stphpcheckbox.php, (5) stphpcheckboxwithcaption.php, (6) stphpcheckgroup.php, (7) stphpcomponent.php, (8) stphpcontrolwithcaption.php, (9) stphpedit.php, (10) stphpeditwithcaption.php, (11) stphphr.php, (12) stphpimage.php, (13) stphpimagewithcaption.php, (14) stphplabel.php, (15) stphplistbox.php, (16) stphplistboxwithcaption.php, (17) stphplocale.php, (18) stphppanel.php, (19) stphpradiobutton.php, (20) stphpradiobuttonwithcaption.php, (21) stphpradiogroup.php, (22) stphprichbutton.php, (23) stphpspacer.php, (24) stphptable.php, (25) stphptablecell.php, (26) stphptablerow.php, (27) stphptabpanel.php, (28) stphptabtitle.php, (29) stphptextarea.php, (30) stphptextareawithcaption.php, (31) stphptoolbar.php, (32) stphpwindow.php, (33) stphpxmldoc.php, or (34) stphpxmlelement.php, a different set of vectors than CVE-2007-4737. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36417

http://www.securityfocus.com/bid/25525

http://secunia.com/advisories/26658

http://osvdb.org/39105

http://osvdb.org/39104

http://osvdb.org/39103

http://osvdb.org/39102

http://osvdb.org/39101

http://osvdb.org/39100

http://osvdb.org/39099

http://osvdb.org/39098

http://osvdb.org/39097

http://osvdb.org/39096

http://osvdb.org/39095

http://osvdb.org/39094

http://osvdb.org/39093

http://osvdb.org/39092

http://osvdb.org/39091

http://osvdb.org/39090

http://osvdb.org/39089

http://osvdb.org/39088

http://osvdb.org/39087

http://osvdb.org/39086

http://osvdb.org/39085

http://osvdb.org/39084

http://osvdb.org/39083

http://osvdb.org/39082

http://osvdb.org/39081

http://osvdb.org/39080

http://osvdb.org/39079

http://osvdb.org/39078

http://osvdb.org/39077

http://osvdb.org/39076

http://osvdb.org/39075

http://osvdb.org/39074

http://osvdb.org/39073

Details

Source: Mitre, NVD

Published: 2007-09-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03855