Lucene search

[email protected]CVE-2007-5822

HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5822

2007-11-0519:46:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2007

5822

code injection

vulnerability

forum.php

ben ng scribe

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

Affected configurations

NVD

Node

scribescribeMatch0.2

CPENameOperatorVersion
scribe:scribescribeeq0.2

CPE	Name	Operator	Version
scribe:scribe	scribe	eq	0.2

References

osvdb.org/45287

securityreason.com/securityalert/3339

www.inj3ct-it.org/exploit/scribe.txt

www.securityfocus.com/archive/1/483183/100/0/threaded

www.securityfocus.com/bid/26302

www.vupen.com/english/advisories/2007/3746

exchange.xforce.ibmcloud.com/vulnerabilities/38227

www.exploit-db.com/exploits/4596

7.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.024 Low

EPSS

Percentile

90.0%

JSON

Related for CVE-2007-5822

prion1 nvd1 cvelist1