Lucene search

[email protected]CVE-2007-3578

HistoryJul 05, 2007 - 8:30 p.m.

CVE-2007-3578

2007-07-0520:30:00

[email protected]

web.nvd.nist.gov

phpids

remote attackers

web script

cve-2007-3578

nvd

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.

Affected configurations

NVD

Node

phpidsphpids

CPENameOperatorVersion
phpids:phpidsphpidseq*

CPE	Name	Operator	Version
phpids:phpids	phpids	eq	*

References

groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0

osvdb.org/45757

osvdb.org/45758

sla.ckers.org/forum/read.php?2%2C13209%2C13218

exchange.xforce.ibmcloud.com/vulnerabilities/35519

6.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.2%

JSON

Related for CVE-2007-3578

prion1 nvd1 cvelist1