Lucene search

K
cve[email protected]CVE-2007-2670
HistoryMay 14, 2007 - 11:19 p.m.

CVE-2007-2670

2007-05-1423:19:00
NVD-CWE-Other
web.nvd.nist.gov
22
cve-2007-2670
phpchain
remote attack
installation path
catid parameter
xss manipulation

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php, as demonstrated by XSS manipulations.

6.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.8%

Related for CVE-2007-2670