Lucene search

[email protected]CVE-2007-2679

HistoryMay 15, 2007 - 12:19 a.m.

CVE-2007-2679

2007-05-1500:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2679

php

file inclusion vulnerability

ivan peevski gallery

simple php scripts

sphp

remote attackers

arbitrary php code

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CPENameOperatorVersion
simple_php_scripts_gallery:simple_php_scripts_gallerysimple php scripts galleryeq0.3

CPE	Name	Operator	Version
simple_php_scripts_gallery:simple_php_scripts_gallery	simple php scripts gallery	eq	0.3

References

secunia.com/advisories/24912

www.attrition.org/pipermail/vim/2007-April/001536.html

www.securityfocus.com/bid/23534

8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.4%

JSON

Related for CVE-2007-2679

prion1