Lucene search

[email protected]CVE-2007-2003

HistoryApr 12, 2007 - 7:19 p.m.

CVE-2007-2003

2007-04-1219:19:00

[email protected]

web.nvd.nist.gov

inoutmailinglistmanager

cve-2007-2003

remote code execution

php

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by ignoring the redirect.

Affected configurations

NVD

Node

inoutmailinglistmanagerinoutmailinglistmanagerRange≤3.1

CPENameOperatorVersion
inoutmailinglistmanager:inoutmailinglistmanagerinoutmailinglistmanagerle3.1

CPE	Name	Operator	Version
inoutmailinglistmanager:inoutmailinglistmanager	inoutmailinglistmanager	le	3.1

References

secunia.com/advisories/24842

www.vupen.com/english/advisories/2007/1345

www.exploit-db.com/exploits/3702

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.4%

JSON

Related for CVE-2007-2003

nvd1 cvelist1 prion1 securityvulns1