Lucene search

[email protected]CVE-2007-4610

HistoryAug 31, 2007 - 12:17 a.m.

CVE-2007-4610

2007-08-3100:17:00

CWE-264

[email protected]

web.nvd.nist.gov

unrestricted file upload

file upload vulnerability

moonware

dale mooney gallery

remote attackers

php files

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Unrestricted file upload vulnerability in config/upload.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to upload and execute arbitrary PHP files in images/, possibly related to config/admin.php.

Affected configurations

NVD

Node

dale_mooneymoon_gallery

CPENameOperatorVersion
dale_mooney:moon_gallerydale mooney moon galleryeq*

CPE	Name	Operator	Version
dale_mooney:moon_gallery	dale mooney moon gallery	eq	*

References

secunia.com/advisories/26633

securityreason.com/securityalert/3079

www.securityfocus.com/archive/1/477851/100/0/threaded

www.securityfocus.com/bid/25455

exchange.xforce.ibmcloud.com/vulnerabilities/36288

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2007-4610

nvd1 prion1 cvelist1