Lucene search

[email protected]CVE-2007-3199

HistoryJun 12, 2007 - 11:30 p.m.

CVE-2007-3199

2007-06-1223:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3199

file upload vulnerability

remote code execution

php

image content type

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.8%

JSON

Unrestricted file upload vulnerability in Link Request Contact Form 3.4 allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension and an image content type, as demonstrated by image/jpeg.

CPENameOperatorVersion
american_financing:link_request_contact_formamerican financing link request contact formeq3.4

CPE	Name	Operator	Version
american_financing:link_request_contact_form	american financing link request contact form	eq	3.4

References

corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar

osvdb.org/37204

secunia.com/advisories/25614

www.securityfocus.com/bid/24408

www.vupen.com/english/advisories/2007/2143

exchange.xforce.ibmcloud.com/vulnerabilities/34801

www.exploit-db.com/exploits/4059

8.4 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.154 Low

EPSS

Percentile

95.8%

JSON

Related for CVE-2007-3199

prion1