Lucene search

K
cve[email protected]CVE-2007-5098
HistorySep 26, 2007 - 10:17 p.m.

CVE-2007-5098

2007-09-2622:17:00
CWE-94
web.nvd.nist.gov
87
cve
2007
5098
php
remote file inclusion
dfd cart
register_globals
vulnerability
nvd

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.304 Low

EPSS

Percentile

96.8%

Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the set_depth parameter to (1) app.lib/product.control/core.php/product.control.config.php, or (2) customer.browse.list.php or (3) customer.browse.search.php in app.lib/product.control/core.php/customer.area/.

7.8 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.304 Low

EPSS

Percentile

96.8%

Related for CVE-2007-5098