Lucene search

[email protected]CVE-2007-0486

HistoryJan 25, 2007 - 12:28 a.m.

CVE-2007-0486

2007-01-2500:28:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2007

0486

php

remote file inclusion

openads

phpadsnew

vulnerabilities

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions

CPENameOperatorVersion
phpadsnew:phpadsnewphpadsneweq2.0.7

CPE	Name	Operator	Version
phpadsnew:phpadsnew	phpadsnew	eq	2.0.7

References

osvdb.org/33573

securityreason.com/securityalert/2174

www.securityfocus.com/archive/1/457670/100/0/threaded

www.securityfocus.com/archive/1/457806/100/200/threaded

www.securityfocus.com/archive/1/457991/100/200/threaded

www.securityfocus.com/bid/22172

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2007-0486

prion1 securityvulns1