Lucene search

[email protected]CVE-2007-5015

HistorySep 20, 2007 - 9:17 p.m.

CVE-2007-5015

2007-09-2021:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-5015

php

remote file inclusion

streamline php media server

vulnerability

nvd

security

.htaccess limit support

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.201 Low

EPSS

Percentile

96.3%

JSON

Multiple PHP remote file inclusion vulnerabilities in Streamline PHP Media Server 1.0-beta4 allow remote attackers to execute arbitrary PHP code via a URL in the sl_theme_unix_path parameter to (1) admin_footer.php, (2) info_footer.php, (3) theme_footer.php, (4) browse_footer.php, (5) account_footer.php, or (6) search_footer.php in core/theme/includes/. NOTE: the vulnerability is present only when the administrator does not follow installation instructions about the requirement for .htaccess Limit support.

CPENameOperatorVersion
streamline:streamlinestreamlineeq1.0_beta4

CPE	Name	Operator	Version
streamline:streamline	streamline	eq	1.0_beta4

References

arfis.wordpress.com/2007/09/14/rfi-03-streamline-php-media-server/

osvdb.org/38290

osvdb.org/38291

osvdb.org/38292

osvdb.org/38293

osvdb.org/38294

osvdb.org/38295

www.securityfocus.com/bid/25736

exchange.xforce.ibmcloud.com/vulnerabilities/36683

www.exploit-db.com/exploits/4430

Social References

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.201 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2007-5015

prion1 canvas1