Lucene search

[email protected]CVE-2007-0135

HistoryJan 09, 2007 - 11:28 a.m.

CVE-2007-0135

2007-01-0911:28:00

[email protected]

web.nvd.nist.gov

cve

2007

0135

php

remote file inclusion

vulnerability

aratix

security

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

JSON

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the current_path parameter.

Affected configurations

NVD

Node

aratixaratixRange≤0.2.2_beta_11

CPENameOperatorVersion
aratix:aratixaratixle0.2.2_beta_11

CPE	Name	Operator	Version
aratix:aratix	aratix	le	0.2.2_beta_11

References

osvdb.org/33405

securityreason.com/exploitalert/1698

www.attrition.org/pipermail/vim/2007-January/001219.html

www.vupen.com/english/advisories/2007/0054

exchange.xforce.ibmcloud.com/vulnerabilities/31282

www.exploit-db.com/exploits/3079

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.095 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2007-0135

prion1 cvelist1 nvd1 securityvulns1