Lucene search

K
cve[email protected]CVE-2007-5188
HistoryOct 03, 2007 - 2:17 p.m.

CVE-2007-5188

2007-10-0314:17:00
web.nvd.nist.gov
22
cve-2007-5188
xoops
uploader class
remote attackers
arbitrary files
improper upload configuration
incomplete blacklist

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.012

Percentile

85.2%

Unspecified vulnerability in the XOOPS uploader class in Xoops 2.0.17.1-RC1 and earlier allows remote attackers to upload arbitrary files via unspecified vectors related to improper upload configuration settings in class/uploader.php and class/mimetypes.inc.php, possibly an incomplete blacklist that omits the .php4 extension.

Affected configurations

NVD
Node
xoopsxoopsRange2.0.17.1-rc1
VendorProductVersionCPE
xoopsxoopscpe:/a:xoops:xoops::::

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.012

Percentile

85.2%

Related for CVE-2007-5188