Lucene search

[email protected]NVD:CVE-2007-0082

HistoryJan 05, 2007 - 11:28 a.m.

CVE-2007-0082

2007-01-0511:28:00

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple extensions, which allows remote authenticated users to upload and execute arbitrary PHP scripts.

Affected configurations

Nvd

Node

imgalleryimgalleryMatch2.4

imgalleryimgalleryMatch2.5

VendorProductVersionCPE
imgalleryimgallery2.4cpe:2.3:a:imgallery:imgallery:2.4:*:*:*:*:*:*:*
imgalleryimgallery2.5cpe:2.3:a:imgallery:imgallery:2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
imgallery	imgallery	2.4	cpe:2.3:a:imgallery:imgallery:2.4:::::::*
imgallery	imgallery	2.5	cpe:2.3:a:imgallery:imgallery:2.5:::::::*

References

www.securityfocus.com/bid/21827

www.vupen.com/english/advisories/2007/0010

exchange.xforce.ibmcloud.com/vulnerabilities/31237

www.exploit-db.com/exploits/3049

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.1

Confidence

Low

EPSS

0.02

Percentile

89.0%

JSON

Related for NVD:CVE-2007-0082

cvelist1 prion1 exploitdb1 cve1