Lucene search

[email protected]CVE-2007-5100

HistorySep 26, 2007 - 10:17 p.m.

CVE-2007-5100

2007-09-2622:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2007

5100

php

remote

file inclusion

vulnerability

phpbb plus

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.

CPENameOperatorVersion
phpbb:phpbb_plusphpbb phpbb plusle1.53a
phpbb:phpbb_plusphpbb phpbb pluseq1.53

CPE	Name	Operator	Version
phpbb:phpbb_plus	phpbb phpbb plus	le	1.53a
phpbb:phpbb_plus	phpbb phpbb plus	eq	1.53

References

osvdb.org/38723

osvdb.org/38724

osvdb.org/38725

secunia.com/advisories/26888

www.phpbb2.de/ftopic45218.html

www.securityfocus.com/bid/25776

www.vupen.com/english/advisories/2007/3247

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2007-5100

prion2 cve1 canvas1 nessus1