CVE-2007-5056

2007-09-2422:17:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.696

Percentile

98.0%

JSON

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

Affected configurations

Nvd

Node

adodb_liteadodb_liteRange≤1.42

cmsmadesimplecms_made_simple

journalnessjournalness

open-realtyopen-realty

pacercmspacercms

sapidsapid_cmf

VendorProductVersionCPE
adodb_liteadodb_lite*cpe:2.3:a:adodb_lite:adodb_lite:*:*:*:*:*:*:*:*
cmsmadesimplecms_made_simple*cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*
journalnessjournalness*cpe:2.3:a:journalness:journalness:*:*:*:*:*:*:*:*
open-realtyopen-realty*cpe:2.3:a:open-realty:open-realty:*:*:*:*:*:*:*:*
pacercmspacercms*cpe:2.3:a:pacercms:pacercms:*:*:*:*:*:*:*:*
sapidsapid_cmf*cpe:2.3:a:sapid:sapid_cmf:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adodb_lite	adodb_lite	*	cpe:2.3:a:adodb_lite:adodb_lite::::::::
cmsmadesimple	cms_made_simple	*	cpe:2.3:a:cmsmadesimple:cms_made_simple::::::::
journalness	journalness	*	cpe:2.3:a:journalness:journalness::::::::
open-realty	open-realty	*	cpe:2.3:a:open-realty:open-realty::::::::
pacercms	pacercms	*	cpe:2.3:a:pacercms:pacercms::::::::
sapid	sapid_cmf	*	cpe:2.3:a:sapid:sapid_cmf::::::::