Lucene search

[email protected]CVE-2007-2082

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-2082

2007-04-1803:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2082

myblog

code injection

admin settings

remote authentication

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

CPENameOperatorVersion
myblog:myblogmyblogle0.9.8

CPE	Name	Operator	Version
myblog:myblog	myblog	le	0.9.8

References

osvdb.org/35392

securityreason.com/securityalert/2581

www.securityfocus.com/archive/1/465873/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33707

7.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.0%

JSON

Related for CVE-2007-2082

prion1 securityvulns1