Lucene search

[email protected]CVE-2007-3236

HistoryJun 15, 2007 - 1:30 a.m.

CVE-2007-3236

2007-06-1501:30:00

[email protected]

web.nvd.nist.gov

cve-2007-3236

php

remote file inclusion

vulnerability

horoscope 1.0

xoops

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.666 Medium

EPSS

Percentile

98.0%

JSON

PHP remote file inclusion vulnerability in footer.php in the Horoscope 1.0 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter.

Affected configurations

NVD

Node

xoopshoroscope_moduleMatch1.0

CPENameOperatorVersion
xoops:horoscope_modulexoops horoscope moduleeq1.0

CPE	Name	Operator	Version
xoops:horoscope_module	xoops horoscope module	eq	1.0

References

osvdb.org/35382

secunia.com/advisories/25651

www.attrition.org/pipermail/vim/2007-June/001660.html

www.securityfocus.com/bid/24449

www.vupen.com/english/advisories/2007/2169

exchange.xforce.ibmcloud.com/vulnerabilities/34837

www.exploit-db.com/exploits/4064

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

High

0.666 Medium

EPSS

Percentile

98.0%

JSON

Related for CVE-2007-3236

nvd1 prion1 cvelist1 canvas1