Lucene search

[email protected]CVE-2007-4026

HistoryJul 26, 2007 - 7:30 p.m.

CVE-2007-4026

2007-07-2619:30:00

[email protected]

web.nvd.nist.gov

cve-2007-4026

epesi framework

file extension verification

remote code execution

gallery images upload

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

telaxus_llcepesiRange≤0.8.5

CPENameOperatorVersion
telaxus_llc:epesitelaxus llc epesile0.8.5

CPE	Name	Operator	Version
telaxus_llc:epesi	telaxus llc epesi	le	0.8.5

References

osvdb.org/38600

secunia.com/advisories/26175

sourceforge.net/project/shownotes.php?release_id=527102

exchange.xforce.ibmcloud.com/vulnerabilities/35596

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2007-4026

cvelist1 prion1 nvd1