CVE-2007-5642

critical

Description

Multiple directory traversal vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the def_lang parameter to modules/files/list.php; the m_path parameter to (2) modules/projects/summary.inc.php or (3) modules/tasks/summary.inc.php; (4) the module parameter to modules/projects/list.php; or the module parameter to index.php in the (5) certinfo, (6) emails, (7) events, (8) fax, (9) files, (10) groupadm, (11) history, (12) info, (13) log, (14) mail, (15) messages, (16) organizations, (17) phones, (18) presence, (19) projects, (20) reports, (21) search, (22) snf, (23) syslog, (24) tasks, or (25) useradm subdirectory of modules/.

References

https://www.exploit-db.com/exploits/4549

https://exchange.xforce.ibmcloud.com/vulnerabilities/37348

http://www.securityfocus.com/bid/26148

http://secunia.com/advisories/27347

http://osvdb.org/41975

http://osvdb.org/41974

http://osvdb.org/41972

http://osvdb.org/41970

http://osvdb.org/41963

http://osvdb.org/41960

http://osvdb.org/41956

http://osvdb.org/41955

http://osvdb.org/41954

http://osvdb.org/41951

Details

Source: Mitre, NVD

Published: 2007-10-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.13356