Lucene search

[email protected]CVE-2007-1554

HistoryMar 20, 2007 - 10:19 p.m.

CVE-2007-1554

2007-03-2022:19:00

[email protected]

web.nvd.nist.gov

cve

2007

1554

code injection

vulnerability

admin

configuration

guestbara

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

guestbaraguestbaraMatch1.2

CPENameOperatorVersion
guestbara:guestbaraguestbaraeq1.2

CPE	Name	Operator	Version
guestbara:guestbara	guestbara	eq	1.2

References

www.osvdb.org/33783

www.vupen.com/english/advisories/2007/1010

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2007-1554

cvelist1 nvd1 prion1 securityvulns1