Lucene search

K
cve[email protected]CVE-2007-1136
HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1136

2007-03-0221:18:00
CWE-20
web.nvd.nist.gov
27
cve-2007-1136
webmplayer
remote code execution
security vulnerability
nvd

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

93.8%

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.07 Low

EPSS

Percentile

93.8%

Related for CVE-2007-1136