History: Jun 01, 2007 - 10:30 a.m.

CVE-2007-2985

2007-06-01 10:30:00
CWE-264
web.nvd.nist.gov
17
cve-2007-2985
pheap 2.0
authentication bypass
remote attack
settings.php
arbitrary php code
nvd

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score: 7.8 High (Confidence: Low)

EPSS: 0.022 Low (Percentile: 89.5%)

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator’s username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.

Affected configurations

NVD

Node: pheap pheap, Match 2.0

CPE            Name     Operator    Version
pheap:pheap    pheap    eq          2.0
