Lucene search

[email protected]CVE-2007-6174

HistoryNov 30, 2007 - 12:46 a.m.

CVE-2007-6174

2007-11-3000:46:00

CWE-264

[email protected]

web.nvd.nist.gov

phpdevshell

security vulnerability

cve-2007-6174

user profile update

remote authenticated users

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.4%

JSON

PHPDevShell before 0.7.0 allows remote authenticated users to gain privileges via a crafted request to update a user profile. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

phpdevshellphpdevshellRange≤0.6.0

CPENameOperatorVersion
phpdevshell:phpdevshellphpdevshellle0.6.0

CPE	Name	Operator	Version
phpdevshell:phpdevshell	phpdevshell	le	0.6.0

References

secunia.com/advisories/27828

www.phpdevshell.org/changelog

www.securityfocus.com/bid/26615

exchange.xforce.ibmcloud.com/vulnerabilities/38736

8.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.4%

JSON

Related for CVE-2007-6174

prion1 cvelist1 nvd1