Lucene search

[email protected]CVE-2007-0804

HistoryFeb 07, 2007 - 11:28 a.m.

CVE-2007-0804

2007-02-0711:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0804

directory traversal

ggcms

remote attack

php code injection

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via “…” sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

Affected configurations

NVD

Node

ggcmsggcmsMatch1.1.0_rc1

CPENameOperatorVersion
ggcms:ggcmsggcmseq1.1.0_rc1

CPE	Name	Operator	Version
ggcms:ggcms	ggcms	eq	1.1.0_rc1

References

osvdb.org/35849

www.securityfocus.com/bid/22412

www.vupen.com/english/advisories/2007/0492

exchange.xforce.ibmcloud.com/vulnerabilities/32211

www.exploit-db.com/exploits/3271

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2007-0804

prion1 nvd1 cvelist1 securityvulns1