Lucene search

MitreCVE-2007-5407

HistoryOct 12, 2007 - 6:17 p.m.

CVE-2007-5407

2007-10-1218:17:00

CWE-94

mitre

web.nvd.nist.gov

cve-2007-5407

php

remote file inclusion

jcontentsubscription

joomla

arbitrary code execution

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.208

Percentile

96.5%

JSON

Multiple PHP remote file inclusion vulnerabilities in the JContentSubscription (com_jcs) 1.5.8 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) jcs.function.php; (2) add.php, (3) history.php, and (4) register.php, in view/; and (5) list.sub.html.php, (6) list.user.sub.html.php, and (7) reports.html.php in views/.

Affected configurations

Nvd

Node

joomlaequipmentjcontentsubscriptionMatch1.5.8

VendorProductVersionCPE
joomlaequipmentjcontentsubscription1.5.8cpe:2.3:a:joomlaequipment:jcontentsubscription:1.5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomlaequipment	jcontentsubscription	1.5.8	cpe:2.3:a:joomlaequipment:jcontentsubscription:1.5.8:::::::*

References

osvdb.org/43619

osvdb.org/43620

osvdb.org/43621

osvdb.org/43622

osvdb.org/43623

osvdb.org/43624

osvdb.org/43627

www.securityfocus.com/bid/26003

exchange.xforce.ibmcloud.com/vulnerabilities/37055

www.exploit-db.com/exploits/4508

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.208

Percentile

96.5%

JSON

Related for CVE-2007-5407