Lucene search

[email protected]CVE-2007-5224

HistoryOct 05, 2007 - 12:17 a.m.

CVE-2007-5224

2007-10-0500:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2007

5224

inc

exif.inc.php

original photo gallery

remote attackers

arbitrary programs

exec function

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows remote attackers to execute arbitrary programs via the exif_prog parameter, which is specified in an exec function call.

Affected configurations

NVD

Node

jimmacoriginal_photo_galleryRange≤0.11.2

CPENameOperatorVersion
jimmac:original_photo_galleryjimmac original photo galleryle0.11.2

CPE	Name	Operator	Version
jimmac:original_photo_gallery	jimmac original photo gallery	le	0.11.2

References

osvdb.org/41390

secunia.com/advisories/27029

securityreason.com/securityalert/3187

www.securityfocus.com/archive/1/481316/100/0/threaded

www.ush.it/team/ascii/hack-original/advisory.txt

www.ush.it/team/ascii/hack-original/advisory_updated.txt

www.vupen.com/english/advisories/2007/3341

exchange.xforce.ibmcloud.com/vulnerabilities/36916

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.8%

JSON

Related for CVE-2007-5224

nessus1 prion1 nvd1 cvelist1