Lucene search
MitreCVE-2007-4925HistorySep 18, 2007 - 6:17 p.m.
CVE-2007-4925
2007-09-1818:17:00
CWE-20
mitre
web.nvd.nist.gov
17
cve-2007-4925
ewirepcfunctions.php
ewire payment client
epc
arbitrary commands
shell metacharacters
remote attackers
security vulnerability
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.043
Percentile
92.5%
The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.
Affected configurations
Node
ewirepayment_clientMatch1.60
ORewirepayment_clientMatch1.70
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ewire | payment_client | 1.60 | cpe:2.3:a:ewire:payment_client:1.60:*:*:*:*:*:*:* |
| ewire | payment_client | 1.70 | cpe:2.3:a:ewire:payment_client:1.70:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
ewire Payment Client 1.60/1.70 - Command Execution
2007-09-17 00:00:00
prion
prion
Code injection
2007-09-18 18:17:00
cvelist
cvelist
CVE-2007-4925
2007-09-18 18:00:00
nvd
nvd
CVE-2007-4925
2007-09-18 18:17:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
High
EPSS
0.043
Percentile
92.5%
Related for CVE-2007-4925