Unrated severityNVD Advisory· Published Mar 23, 2007· Updated Apr 23, 2026
CVE-2007-1635
CVE-2007-1635
Description
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
Affected products
1- cpe:2.3:a:net_portal_dynamic_system:net_portal_dynamic_system:*:*:*:*:*:*:*:*Range: <=5.10
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.