Search...

CVE-2007-2731

2007-05-16T22:30:00

ID CVE-2007-2731
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:45:00

Description

CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.

JSON Vulners Source

Initial Source

{"id": "CVE-2007-2731", "bulletinFamily": "NVD", "title": "CVE-2007-2731", "description": "CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might allow remote attackers to inject arbitrary e-mail headers via LF (%0A) sequences in the subject parameter, a related issue to CVE-2007-1898.", "published": "2007-05-16T22:30:00", "modified": "2018-10-16T16:45:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2731", "reporter": "cve@mitre.org", "references": ["http://www.securitytracker.com/id?1018063", "http://www.securityfocus.com/archive/1/468644/100/0/threaded", "http://www.vupen.com/english/advisories/2007/1831", "https://exchange.xforce.ibmcloud.com/vulnerabilities/34292", "http://securityreason.com/securityalert/2710", "http://www.osvdb.org/34088", "http://www.securityfocus.com/bid/23989", "http://www.netvigilance.com/advisory0026"], "cvelist": ["CVE-2007-2731"], "type": "cve", "lastseen": "2019-05-29T18:08:59", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "ca82d6f70b251eb2583e37cac61793fd"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f1a03a63bcab13d0d1e39f641025bdd7"}, {"key": "cpe23", "hash": "b64b52a86abfad30eaff93da88159a93"}, {"key": "cvelist", "hash": "6b15883b9f99e576ac1567edeee5fa65"}, {"key": "cvss", "hash": "d0178d13bbdef3150484e6576161299f"}, {"key": "cvss2", "hash": "96bce2692ae64371a04cf872a3b0e768"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "d9e8972b667bfb0488713e9d1ac9273b"}, {"key": "href", "hash": "6413e15e6ff11e9b5ad0e22bce2636c0"}, {"key": "modified", "hash": "ffffe7606f0e25a532cca9f719cd52c8"}, {"key": "published", "hash": "67b1cf4d12d3e46ec0b72754dc390211"}, {"key": "references", "hash": "c6eb3baecc819c93ec7af8b607825ba1"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "94ab47f2595ea6eaf8ba3751903dd7a7"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6534e0752dbb615d2f7549bc28a2c99848eaebf18e3e47208cabfba83c78fde7", "viewCount": 0, "enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2019-05-29T18:08:59"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:34088"]}], "modified": "2019-05-29T18:08:59"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:jetbox:jetbox_cms:2.1"], "affectedSoftware": [{"name": "jetbox jetbox_cms", "operator": "eq", "version": "2.1"}], "cvss2": {"cvssV2": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:jetbox:jetbox_cms:2.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\nSecurity Tracker: 1018063\nOther Advisory URL: http://www.netvigilance.com/advisory0026\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0240.html\nKeyword: netVigilance Security Advisory #26\nISS X-Force ID: 34292\nFrSIRT Advisory: ADV-2007-1831\n[CVE-2007-1898](https://vulners.com/cve/CVE-2007-1898)\n[CVE-2007-2731](https://vulners.com/cve/CVE-2007-2731)\nBugtraq ID: 23989\n", "modified": "2007-05-15T00:00:00", "published": "2007-05-15T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:34088", "id": "OSVDB:34088", "title": "Jetbox CMS formmail.php Arbitrary Mail Relay", "type": "osvdb", "cvss": {"score": 5.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}