Lucene search

[email protected]CVE-2007-1908

HistoryApr 10, 2007 - 11:19 p.m.

CVE-2007-1908

2007-04-1023:19:00

[email protected]

web.nvd.nist.gov

php

file inclusion

vulnerability

php121 instant messenger

execute arbitrary code

remote attackers

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.09 Low

EPSS

Percentile

94.7%

JSON

PHP file inclusion vulnerability in php121db.php in PHP121 Instant Messenger 2.2 allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the php121dir parameter, which is accessed by the file_exists function.

Affected configurations

NVD

Node

php121php121_instant_messengerMatch2.2

CPENameOperatorVersion
php121:php121_instant_messengerphp121 php121 instant messengereq2.2

CPE	Name	Operator	Version
php121:php121_instant_messenger	php121 php121 instant messenger	eq	2.2

References

osvdb.org/34720

secunia.com/advisories/24818

www.securityfocus.com/bid/23392

www.vupen.com/english/advisories/2007/1314

exchange.xforce.ibmcloud.com/vulnerabilities/33525

www.exploit-db.com/exploits/3694

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.09 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2007-1908

nvd1 cvelist1 prion1 securityvulns1