Lucene search

[email protected]CVE-2007-2201

HistoryApr 24, 2007 - 8:19 p.m.

CVE-2007-2201

2007-04-2420:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

php

remote file inclusion

post revolution

vulnerability

nvd

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.144 Low

EPSS

Percentile

95.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in Post Revolution 6.6 and 7.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the dir parameter to (1) common.php or (2) themes/default/preview_post_completo.php.

CPENameOperatorVersion
post_revolution:post_revolutionpost revolutioneq6.6
post_revolution:post_revolutionpost revolutioneq7.0_rc2

CPE	Name	Operator	Version
post_revolution:post_revolution	post revolution	eq	6.6
post_revolution:post_revolution	post revolution	eq	7.0_rc2

References

osvdb.org/35317

osvdb.org/35318

secunia.com/advisories/24971

securityreason.com/securityalert/2653

www.securityfocus.com/archive/1/466707/100/0/threaded

www.securityfocus.com/bid/23607

www.vupen.com/english/advisories/2007/1513

exchange.xforce.ibmcloud.com/vulnerabilities/33825

www.exploit-db.com/exploits/3785

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.144 Low

EPSS

Percentile

95.6%

JSON

Related for CVE-2007-2201

prion1