Lucene search

K
nvd[email protected]NVD:CVE-2007-2082
HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-2082

2007-04-1803:19:00
web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

Affected configurations

NVD
Node
myblogmyblogRange0.9.8

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

Related for NVD:CVE-2007-2082