Lucene search

[email protected]CVE-2007-6325

HistoryDec 13, 2007 - 7:46 p.m.

CVE-2007-6325

2007-12-1319:46:00

CWE-20

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-6325

php

remote file inclusion

fastpublish cms

adminbereich

designconfig.php

security vulnerability

nvd

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.215 Low

EPSS

Percentile

96.4%

JSON

PHP remote file inclusion vulnerability in adminbereich/designconfig.php in Fastpublish CMS 1.9999 allows remote attackers to execute arbitrary PHP code via a URL in the config[fsBase] parameter, a different vector than CVE-2006-2726.

CPENameOperatorVersion
fastpublish:fastpublish_cmsfastpublish fastpublish cmseq1.9999

CPE	Name	Operator	Version
fastpublish:fastpublish_cms	fastpublish fastpublish cms	eq	1.9999

References

secunia.com/advisories/28054

www.osvdb.org/39153

www.securityfocus.com/bid/26845

www.vupen.com/english/advisories/2007/4206

exchange.xforce.ibmcloud.com/vulnerabilities/39013

www.exploit-db.com/exploits/4725

7.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.215 Low

EPSS

Percentile

96.4%

JSON

Related for CVE-2007-6325

prion2 cve1