Lucene search

[email protected]CVE-2007-4328

HistoryAug 14, 2007 - 12:17 a.m.

CVE-2007-4328

2007-08-1400:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-4328

php

remote file inclusion

mapos bilder galerie

vulnerability

nvd

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON

Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.

CPENameOperatorVersion
mapos_scripts:bilder_galeriemapos scripts bilder galerieeq1.0
mapos_scripts:bilder_galeriemapos scripts bilder galerieeq1.1

CPE	Name	Operator	Version
mapos_scripts:bilder_galerie	mapos scripts bilder galerie	eq	1.0
mapos_scripts:bilder_galerie	mapos scripts bilder galerie	eq	1.1

References

osvdb.org/36455

osvdb.org/36456

osvdb.org/36457

secunia.com/advisories/26400

securityreason.com/securityalert/2999

www.securityfocus.com/archive/1/475952/100/0/threaded

www.securityfocus.com/bid/25256

www.vupen.com/english/advisories/2007/2838

exchange.xforce.ibmcloud.com/vulnerabilities/35923

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON

Related for CVE-2007-4328

prion1