Lucene search

[email protected]CVE-2007-4329

HistoryAug 14, 2007 - 12:17 a.m.

CVE-2007-4329

2007-08-1400:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2007

4329

php

remote file inclusion

web news 1.1

arbitrary code execution

url vulnerability

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) news.php, or (3) feed.php.

CPENameOperatorVersion
mapos_scripts:web_newsmapos scripts web newseq1.1

CPE	Name	Operator	Version
mapos_scripts:web_news	mapos scripts web news	eq	1.1

References

osvdb.org/36427

osvdb.org/36428

osvdb.org/36429

secunia.com/advisories/26398

securityreason.com/securityalert/2998

www.securityfocus.com/archive/1/475956/100/0/threaded

www.securityfocus.com/bid/25257

www.vupen.com/english/advisories/2007/2839

exchange.xforce.ibmcloud.com/vulnerabilities/35925

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.132 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2007-4329

prion1