Lucene search

[email protected]CVE-2007-2545

HistoryMay 09, 2007 - 1:19 a.m.

CVE-2007-2545

2007-05-0901:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

2545

persism cms

remote file inclusion

php

security vulnerability

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.376 Low

EPSS

Percentile

97.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

CPENameOperatorVersion
persism_cms:persism_cmspersism cmsle0.9.2

CPE	Name	Operator	Version
persism_cms:persism_cms	persism cms	le	0.9.2

References

osvdb.org/37767

osvdb.org/37768

osvdb.org/37769

osvdb.org/37770

osvdb.org/37771

osvdb.org/37772

osvdb.org/37773

osvdb.org/37774

osvdb.org/37775

osvdb.org/37776

www.securityfocus.com/bid/23828

www.vupen.com/english/advisories/2007/1671

exchange.xforce.ibmcloud.com/vulnerabilities/34102

www.exploit-db.com/exploits/3853

Social References

7.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.376 Low

EPSS

Percentile

97.2%

JSON

Related for CVE-2007-2545

canvas1 prion1