Lucene search

[email protected]CVE-2007-2166

HistoryApr 22, 2007 - 7:19 p.m.

CVE-2007-2166

2007-04-2219:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2166

php

remote file inclusion

opensurveypilot

osp

vulnerability

nvd

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON

PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter.

CPENameOperatorVersion
opensurveypilot:opensurveypilotopensurveypilotle1.2.1

CPE	Name	Operator	Version
opensurveypilot:opensurveypilot	opensurveypilot	le	1.2.1

References

osp.cvs.sourceforge.net/osp/osp12/administration/user/lib/group.inc.php?revision=1.1.1.1&view=markup

osvdb.org/35022

secunia.com/advisories/24915

www.securityfocus.com/bid/23563

www.vupen.com/english/advisories/2007/1460

exchange.xforce.ibmcloud.com/vulnerabilities/33749

www.exploit-db.com/exploits/3765

8.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.131 Low

EPSS

Percentile

95.4%

JSON

Related for CVE-2007-2166

prion1