CVE-2007-1060

CVE-2007-1060 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

Learn more about our Web Application Penetration Testing UK.