Unrated severityNVD Advisory· Published Apr 24, 2007· Updated Apr 23, 2026

CVE-2007-2199

Description

PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka pcltar.php) in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including (1) Joomla! 1.5.0 Beta, (2) N/X Web Content Management System (WCMS) 4.5, (3) CJG EXPLORER PRO 3.3, and (4) phpSiteBackup 0.1, allows remote attackers to execute arbitrary PHP code via a URL in the g_pcltar_lib_dir parameter.

Affected products

Cjg Explorer Pro/Cjg Explorer Pro
cpe:2.3:a:cjg_explorer_pro:cjg_explorer_pro:3.3:*:*:*:*:*:*:*
Joomla/Joomla!
cpe:2.3:a:joomla:joomla:1.5.0:beta:*:*:*:*:*:*
Nx/N X Wcms
cpe:2.3:a:nx:n_x_wcms:4.5:*:*:*:*:*:*:*
Phpsitebackup/Phpsitebackup
cpe:2.3:a:phpsitebackup:phpsitebackup:0.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.hackers.ir/advisories/joomla.htmlnvdExploitVendor Advisory
secunia.com/advisories/25230nvdVendor Advisory
www.vupen.com/english/advisories/2007/1511nvdVendor Advisory
osvdb.org/34803nvd
osvdb.org/36009nvd
www.attrition.org/pipermail/vim/2007-May/001618.htmlnvd
www.securityfocus.com/archive/1/466687/100/0/threadednvd
www.securityfocus.com/archive/1/478503/100/0/threadednvd
www.securityfocus.com/bid/23613nvd
www.securityfocus.com/bid/23708nvd
www.securityfocus.com/bid/24660nvd
www.securityfocus.com/bid/25528nvd
exchange.xforce.ibmcloud.com/vulnerabilities/33837nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34273nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35092nvd
www.exploit-db.com/exploits/3781nvd
www.exploit-db.com/exploits/3915nvd
www.exploit-db.com/exploits/4111nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.069
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000