CVE-2007-5457

2007-10-1419:17:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.045

Percentile

92.6%

JSON

Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle Joomla Flash Uploader (com_jfu or com_joomla_flash_uploader) 2.5.1 component for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) install.joomla_flash_uploader.php and (2) uninstall.joomla_flash_uploader.php.

Affected configurations

Nvd

Node

joomlajoomla

michael_dempflejoomla_flash_uploaderMatch2.5.1

VendorProductVersionCPE
joomlajoomla*cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*
michael_dempflejoomla_flash_uploader2.5.1cpe:2.3:a:michael_dempfle:joomla_flash_uploader:2.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joomla	joomla	*	cpe:2.3:a:joomla:joomla::::::::
michael_dempfle	joomla_flash_uploader	2.5.1	cpe:2.3:a:michael_dempfle:joomla_flash_uploader:2.5.1:::::::*