Lucene search

[email protected]NVD:CVE-2007-0804

HistoryFeb 07, 2007 - 11:28 a.m.

CVE-2007-0804

2007-02-0711:28:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.037

Percentile

91.8%

JSON

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via “…” sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

Affected configurations

Nvd

Node

ggcmsggcmsMatch1.1.0_rc1

VendorProductVersionCPE
ggcmsggcms1.1.0_rc1cpe:2.3:a:ggcms:ggcms:1.1.0_rc1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ggcms	ggcms	1.1.0_rc1	cpe:2.3:a:ggcms:ggcms:1.1.0_rc1:::::::*

References

osvdb.org/35849

www.securityfocus.com/bid/22412

www.vupen.com/english/advisories/2007/0492

exchange.xforce.ibmcloud.com/vulnerabilities/32211

www.exploit-db.com/exploits/3271

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.037

Percentile

91.8%

JSON

Related for NVD:CVE-2007-0804

prion1 cvelist1 exploitdb1 cve1 securityvulns1