CVE-2007-5056

2007-09-2422:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

5056

eval injection

adodb lite

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.696 Medium

EPSS

Percentile

98.0%

JSON

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

Affected configurations

NVD

Node

adodb_liteadodb_liteRange≤1.42

cmsmadesimplecms_made_simple

journalnessjournalness

open-realtyopen-realty

pacercmspacercms

sapidsapid_cmf

CPENameOperatorVersion
adodb_lite:adodb_liteadodb litele1.42
cmsmadesimple:cms_made_simplecmsmadesimple cms made simpleeq*
journalness:journalnessjournalnesseq*
open-realty:open-realtyopen-realtyeq*
pacercms:pacercmspacercmseq*
sapid:sapid_cmfsapid sapid cmfeq*

CPE	Name	Operator	Version
adodb_lite:adodb_lite	adodb lite	le	1.42
cmsmadesimple:cms_made_simple	cmsmadesimple cms made simple	eq	*
journalness:journalness	journalness	eq	*
open-realty:open-realty	open-realty	eq	*
pacercms:pacercms	pacercms	eq	*
sapid:sapid_cmf	sapid sapid cmf	eq	*