Lucene search

[email protected]CVE-2007-0172

HistoryJan 11, 2007 - 12:28 a.m.

CVE-2007-0172

2007-01-1100:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0172

php

remote file inclusion

allmyguests 0.3.0

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the AMG_serverpath parameter to (1) comments.php and (2) signin.php; and possibly via a URL in unspecified parameters to (3) include/submit.inc.php, (4) admin/index.php, (5) include/cm_submit.inc.php, and (6) index.php.

CPENameOperatorVersion
allmyguests_project:allmyguestsallmyguests project allmyguestsle0.3
allmyguests_project:allmyguestsallmyguests project allmyguestseq0.3
allmyguests_project:allmyguestsallmyguests project allmyguestseq0.1.2

CPE	Name	Operator	Version
allmyguests_project:allmyguests	allmyguests project allmyguests	le	0.3
allmyguests_project:allmyguests	allmyguests project allmyguests	eq	0.3
allmyguests_project:allmyguests	allmyguests project allmyguests	eq	0.1.2

References

osvdb.org/35915

osvdb.org/35916

osvdb.org/35917

osvdb.org/35919

osvdb.org/35921

osvdb.org/35923

www.securityfocus.com/bid/21918

exchange.xforce.ibmcloud.com/vulnerabilities/31310

www.exploit-db.com/exploits/3093

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.08 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2007-0172

prion1 securityvulns1