Vulnerability in N/a

CVE-2007-4744

PHP remote file inclusion vulnerability in environment.php in AnyInventory 1.9.1 and 2.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the DIR_PREFIX parameter.

EPSS: 0.841 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

References

4365 (exploit, x_refsource_EXPLOIT-DB)
25550 (vdb-entry, x_refsource_BID)
26696 (x_refsource_SECUNIA, third-party-advisory)
36846 (x_refsource_OSVDB, vdb-entry)
anyinventory-environment-file-include(36436) (vdb-entry, x_refsource_XF)