{"bulletinFamily": "software", "viewCount": 0, "reporter": "Kw3rLN(office@rosecuritygroup.net)", "references": [], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\n[Secunia Advisory ID:25680](https://secuniaresearch.flexerasoftware.com/advisories/25680/)\n[Related OSVDB ID: 36324](https://vulners.com/osvdb/OSVDB:36324)\n[Related OSVDB ID: 36325](https://vulners.com/osvdb/OSVDB:36325)\n[CVE-2007-3359](https://vulners.com/cve/CVE-2007-3359)\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:36326", "modified": "2007-06-22T00:00:00", "enchantments": {"score": {"value": 4.9, "vector": "NONE", "modified": "2017-04-28T13:20:32", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-3359"]}, {"type": "osvdb", "idList": ["OSVDB:36325"]}], "modified": "2017-04-28T13:20:32", "rev": 2}, "vulnersScore": 4.9}, "id": "OSVDB:36326", "title": "SERWeb html/mail_prepend.php _SERWEB[serwebdir] Variable Remote File Inclusion", "edition": 1, "published": "2007-06-22T00:00:00", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2007-3359"], "lastseen": "2017-04-28T13:20:32"}

{"cve": [{"lastseen": "2020-12-09T19:26:06", "description": "Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _SERWEB[serwebdir] parameter to (1) html/load_apu.php or (2) html/mail_prepend.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.\nSuccessful exploitation requires that \"register_globals\" is enabled.", "edition": 5, "cvss3": {}, "published": "2007-06-22T18:30:00", "title": "CVE-2007-3359", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-3359"], "modified": "2008-11-15T06:52:00", "cpe": ["cpe:/a:iptel:serweb:0.9.6"], "id": "CVE-2007-3359", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3359", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:iptel:serweb:0.9.6:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "cvelist": ["CVE-2007-3359"], "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## References:\n[Secunia Advisory ID:25680](https://secuniaresearch.flexerasoftware.com/advisories/25680/)\n[Related OSVDB ID: 36324](https://vulners.com/osvdb/OSVDB:36324)\n[Related OSVDB ID: 36326](https://vulners.com/osvdb/OSVDB:36326)\n[CVE-2007-3359](https://vulners.com/cve/CVE-2007-3359)\n", "edition": 1, "modified": "2007-06-22T00:00:00", "published": "2007-06-22T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:36325", "id": "OSVDB:36325", "title": "SERWeb html/load_apu.php _SERWEB[serwebdir] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}