Lucene search

MitreCVE-2007-2093

HistoryApr 18, 2007 - 10:19 a.m.

CVE-2007-2093

2007-04-1810:19:00

mitre

web.nvd.nist.gov

cve-2007-2093

code injection

limesoft guestbook

ls simple guestbook

remote attack

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.1%

JSON

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

Affected configurations

Nvd

Node

limesoftlimesoft_guestbookMatch1.0

VendorProductVersionCPE
limesoftlimesoft_guestbook1.0cpe:2.3:a:limesoft:limesoft_guestbook:1.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
limesoft	limesoft_guestbook	1.0	cpe:2.3:a:limesoft:limesoft_guestbook:1.0:::::::*

References

secunia.com/advisories/24904

securityreason.com/securityalert/2590

www.securityfocus.com/archive/1/465864/100/0/threaded

www.securityfocus.com/bid/23503

www.vupen.com/english/advisories/2007/1393

exchange.xforce.ibmcloud.com/vulnerabilities/33666

www.exploit-db.com/exploits/3735

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.021

Percentile

89.1%

JSON

Related for CVE-2007-2093