Lucene search

[email protected]CVE-2007-1525

HistoryMar 20, 2007 - 8:19 p.m.

CVE-2007-1525

2007-03-2020:19:00

[email protected]

web.nvd.nist.gov

cve-2007-1525

postpost.php

dayfox blog

dfblog

remote code execution

php

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.145 Low

EPSS

Percentile

95.8%

JSON

Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.

Affected configurations

NVD

Node

dayfox_designsdayfox_blogMatch4

CPENameOperatorVersion
dayfox_designs:dayfox_blogdayfox designs dayfox blogeq4

CPE	Name	Operator	Version
dayfox_designs:dayfox_blog	dayfox designs dayfox blog	eq	4

References

infusion.110mb.com/enter/dfblog4.zip

osvdb.org/34073

secunia.com/advisories/24534

www.securityfocus.com/bid/22972

www.vupen.com/english/advisories/2007/0969

www.exploit-db.com/exploits/3478

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.145 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2007-1525

prion1 cvelist1 canvas1 nvd1 securityvulns1