Lucene search

[email protected]CVE-2007-3706

HistoryJul 11, 2007 - 11:30 p.m.

CVE-2007-3706

2007-07-1123:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

_sanitize_globals

codeigniter

remote attackers

global variables

security vulnerability

7.6 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 allows remote attackers to unset arbitrary global variables with unspecified impact, as demonstrated by a _SERVER cookie.

CPENameOperatorVersion
codeigniter:codeignitercodeignitereq1.5.3

CPE	Name	Operator	Version
codeigniter:codeigniter	codeigniter	eq	1.5.3

References

lists.grok.org.uk/pipermail/full-disclosure/2007-July/064500.html

osvdb.org/37905

secunia.com/advisories/25991

securityreason.com/securityalert/2877

www.securityfocus.com/archive/1/473190/100/0/threaded

7.6 High

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.1%

JSON

Related for CVE-2007-3706

cvelist1 prion1