Lucene search

[email protected]CVE-2007-0804

HistoryFeb 07, 2007 - 11:28 a.m.

CVE-2007-0804

2007-02-0711:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0804

directory traversal

ggcms

remote attack

php code injection

security vulnerability

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.1%

JSON

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via “…” sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

CPENameOperatorVersion
ggcms:ggcmsggcmseq1.1.0_rc1

CPE	Name	Operator	Version
ggcms:ggcms	ggcms	eq	1.1.0_rc1

References

osvdb.org/35849

www.securityfocus.com/bid/22412

www.vupen.com/english/advisories/2007/0492

exchange.xforce.ibmcloud.com/vulnerabilities/32211

www.exploit-db.com/exploits/3271

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2007-0804

prion1 securityvulns1