Lucene search

[email protected]CVE-2007-0860

HistoryFeb 09, 2007 - 1:28 a.m.

CVE-2007-0860

2007-02-0901:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0860

remote file inclusion

php

vulnerability

calendar system

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in local Calendar System 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) TEMPLATE_DIR parameter to (a) showinvoices.php, (b) showmonth.php, © showevents.php, (d) retrieveinvoice.php, (e) modifyitem.php, and (f) lookup_userid.php; or the LIBDIR parameter to (g) editevent.php, (h) resetpassword.php, (i) signup.php, showmonth.php, (j) showday.php, showevents.php, and lookup_userid.php. NOTE: this issue has been disputed by a third party, who states that the associated variables are set in config.php before use

CPENameOperatorVersion
laboratory_for_optical_and_computational_instrumentation:local_calendar_systemlaboratory for optical and computational instrumentation local calendar systemeq1.1

CPE	Name	Operator	Version
laboratory_for_optical_and_computational_instrumentation:local_calendar_system	laboratory for optical and computational instrumentation local calendar system	eq	1.1

References

www.securityfocus.com/archive/1/458312/100/100/threaded

www.securityfocus.com/archive/1/458457/100/100/threaded

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

78.4%

JSON

Related for CVE-2007-0860

prion1 securityvulns1