Lucene search

[email protected]CVE-2007-6082

HistoryNov 22, 2007 - 12:46 a.m.

CVE-2007-6082

2007-11-2200:46:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-6082

static code injection

vulnerability

hosting panel

sciurus

remote code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.127 Low

EPSS

Percentile

95.5%

JSON

Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.

Affected configurations

NVD

Node

sciurussciurus_hosting_panelMatch2.0.3

CPENameOperatorVersion
sciurus:sciurus_hosting_panelsciurus sciurus hosting paneleq2.0.3

CPE	Name	Operator	Version
sciurus:sciurus_hosting_panel	sciurus sciurus hosting panel	eq	2.0.3

References

securityreason.com/securityalert/3388

www.r57.li/exploit.txt

www.securityfocus.com/archive/1/483867/100/0/threaded

www.securityfocus.com/bid/26481

exchange.xforce.ibmcloud.com/vulnerabilities/38543

www.exploit-db.com/exploits/4635

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.127 Low

EPSS

Percentile

95.5%

JSON

Related for CVE-2007-6082

cvelist1 prion1 nvd1