Unrated severityNVD Advisory· Published Apr 24, 2007· Updated Apr 23, 2026

CVE-2007-2185

Description

Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b allow remote attackers to execute arbitrary PHP code via a URL in the supa[db_path] parameter to (1) common_functions.php, (2) admin_auth_cookies.php, (3) admin_mods.php, (4) admin_news.php, (5) admin_topics.php, (6) admin_users.php, (7) admin_utilities.php, (8) site_comment.php, or (9) site_news.php; or the supa[include_path] parameter to (10) admin_settings.php or (11) backend_site.php.

Affected products

Supasite/Supasite
cpe:2.3:a:supasite:supasite:1.23b:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vupen.com/english/advisories/2007/1492nvdVendor Advisory
osvdb.org/38845nvd
osvdb.org/38846nvd
osvdb.org/38847nvd
osvdb.org/38848nvd
osvdb.org/38849nvd
osvdb.org/38850nvd
osvdb.org/38851nvd
osvdb.org/38852nvd
osvdb.org/38853nvd
osvdb.org/38854nvd
osvdb.org/38855nvd
www.securityfocus.com/bid/23581nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33796nvd
www.exploit-db.com/exploits/3771nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000