Description
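PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. The weakness is classified as OS command injection (CWE-78). Note that the JVN advisory and the CPE match data in this record list the PHP 4 branch as affected through 2.2.2 inclusive ("2.2.2 and earlier"), which disagrees with the "before 2.2.2" wording above; until the fixed version is confirmed against the vendor's release information, treat 2.2.2 itself as affected.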
Affected Software
Related
{"id": "CVE-2015-7774", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2015-7774", "description": "PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.", "published": "2015-11-14T03:59:00", "modified": "2015-11-16T19:24:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.5}, "severity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7774", "reporter": "vultures@jpcert.or.jp", "references": ["http://www.pwebmanager.org/", "http://jvn.jp/en/jp/JVN25323093/index.html", "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000180"], "cvelist": ["CVE-2015-7774"], "immutableFields": [], "lastseen": "2022-03-23T13:59:22", "viewCount": 11, "enchantments": {"dependencies": {"references": [{"type": "jvn", "idList": ["JVN:25323093"]}], "rev": 4}, "score": {"value": 6.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "jvn", "idList": ["JVN:25323093"]}]}, "exploitation": null, "vulnersScore": 6.6}, "_state": {"dependencies": 0}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:pc-egg:pwebmanager:2.2.2", "cpe:/a:pc-egg:pwebmanager:3.3.9a"], "cpe23": ["cpe:2.3:a:pc-egg:pwebmanager:3.3.9a:*:*:*:*:*:*:*", "cpe:2.3:a:pc-egg:pwebmanager:2.2.2:*:*:*:*:*:*:*"], "cwe": ["CWE-78"], "affectedSoftware": [{"cpeName": "pc-egg:pwebmanager", "version": "3.3.9a", "operator": "le", "name": "pc-egg pwebmanager"}, {"cpeName": 
"pc-egg:pwebmanager", "version": "2.2.2", "operator": "le", "name": "pc-egg pwebmanager"}], "affectedConfiguration": [{"name": "php", "cpeName": "php:php", "version": "4.4.5", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.4", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.3", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.2", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.1", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.8", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.6", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.9", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.7", "operator": "eq"}, {"name": "php", "cpeName": "php:php", "version": "4.4.0", "operator": "eq"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:pc-egg:pwebmanager:3.3.9a:*:*:*:*:*:*:*", "versionEndIncluding": "3.3.9a", "cpe_name": []}]}, {"operator": "AND", "children": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:pc-egg:pwebmanager:2.2.2:*:*:*:*:*:*:*", "versionEndIncluding": "2.2.2", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": 
"cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": false, "cpe23Uri": "cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*", "cpe_name": []}]}], "cpe_match": []}]}, "extraReferences": [{"url": "http://www.pwebmanager.org/", "name": "http://www.pwebmanager.org/", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"]}, {"url": "http://jvn.jp/en/jp/JVN25323093/index.html", "name": "JVN#25323093", "refsource": "JVN", "tags": ["Vendor Advisory"]}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000180", "name": "JVNDB-2015-000180", "refsource": "JVNDB", "tags": ["Vendor Advisory"]}]}
{"jvn": [{"lastseen": "2021-12-28T23:20:49", "description": "pWebManager provided by PC-EGG Co.,Ltd. contains an OS command injection vulnerability (CWE-78).\n\n ## Impact\n\nAn arbitrary OS command may be executed on the server by a user logged in with editor permissions.\n\n ## Solution\n\n**Update the Software** \nUpdate to the latest version according to the information provided by the developer.\n\n ## Products Affected\n\n * pWebManager 3.3.9a and earlier\n * pWebManager (UTF-8) 3.3.9a and earlier\n * pWebManager (for PHP4) 2.2.2 and earlier\n", "cvss3": {}, "published": "2015-11-13T00:00:00", "type": "jvn", "title": "JVN#25323093: pWebManager vulnerable to OS command injection", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-7774"], "modified": "2015-11-13T00:00:00", "id": "JVN:25323093", "href": "http://jvn.jp/en/jp/JVN25323093/index.html", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}