Lucene search

[email protected]CVE-2007-4932

HistorySep 18, 2007 - 6:17 p.m.

CVE-2007-4932

2007-09-1818:17:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-4932

shop-script

admin.php

redirect vulnerability

web security

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.1%

JSON

admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel.

Affected configurations

NVD

Node

shop-scriptshop-scriptRange≤2.0

CPENameOperatorVersion
shop-script:shop-scriptshop-scriptle2.0

CPE	Name	Operator	Version
shop-script:shop-script	shop-script	le	2.0

References

osvdb.org/40149

secunia.com/advisories/26840

www.securityfocus.com/bid/25695

exchange.xforce.ibmcloud.com/vulnerabilities/36646

www.exploit-db.com/exploits/4419

6.7 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

86.1%

JSON

Related for CVE-2007-4932

nessus1 prion1 nvd1 cvelist1