Lucene search

K
cve[email protected]CVE-2007-2609
HistoryMay 11, 2007 - 10:19 a.m.

CVE-2007-2609

2007-05-1110:19:00
CWE-94
web.nvd.nist.gov
18
2
cve
2007
2609
php
remote
file inclusion
vulnerabilities
gnuedu
execute
arbitrary
code
url
etcdir
parameter
libs
lom.php
lom_update.php
check-lom.php
weigh_keywords.php
scripts
libsdir
logout.php
help.php
index.php
login.php
web/lom.php

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.267 Low

EPSS

Percentile

96.6%

Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 allow remote attackers to execute arbitrary PHP code via a URL in the (a) ETCDIR parameter to (1) libs/lom.php; (2) lom_update.php, (3) check-lom.php, and (4) weigh_keywords.php in scripts/; the (b) LIBSDIR parameter to (5) logout.php, (6) help.php, (7) index.php, (8) login.php; and the ETCDIR parameter to (9) web/lom.php.

CPENameOperatorVersion
gnuedu:gnu_edugnuedu gnu edueq1.3b2

Social References

More

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.267 Low

EPSS

Percentile

96.6%

Related for CVE-2007-2609