Lucene search

[email protected]NVD:CVE-2007-4949

HistorySep 18, 2007 - 8:17 p.m.

CVE-2007-4949

2007-09-1820:17:00

CWE-94

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7pl1 allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) ekilat.com-int.tpl.php, (2) phpreactor.org-top.tpl.php, or (3) ekilat.com-top.tpl.php in examples/. NOTE: this issue has been disputed by CVE, since the vulnerability is present only when the product is incorrectly installed by placing examples/ under the web root

Affected configurations

NVD

Node

phpreactorphpreactorMatch1.2.7_pl1

References

arfis.wordpress.com/2007/09/14/rfi-03-phpreactor/

osvdb.org/43139

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for NVD:CVE-2007-4949

cvelist1 cve1 prion1