Lucene search

PRIOn knowledge basePRION:CVE-2007-1136

HistoryMar 02, 2007 - 9:18 p.m.

Code injection

2007-03-0221:18:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.3%

JSON

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous.

CPENameOperatorVersion
webmplayereq0.3.3
webmplayereq0.3
webmplayereq0.5 alpha
webmplayerle0.6
webmplayereq0.2.1
webmplayereq0.1
webmplayereq0.3.1
webmplayereq0.3.2
webmplayereq0.5.1 alpha
webmplayereq0.4

Name	Operator	Version
webmplayer	eq	0.3.3
webmplayer	eq	0.3
webmplayer	eq	0.5 alpha
webmplayer	le	0.6
webmplayer	eq	0.2.1
webmplayer	eq	0.1
webmplayer	eq	0.3.1
webmplayer	eq	0.3.2
webmplayer	eq	0.5.1 alpha
webmplayer	eq	0.4

References

attrition.org/pipermail/vim/2007-February/001399.html

osvdb.org/34441

sourceforge.net/project/shownotes.php?release_id=486880&group_id=172354

www.securityfocus.com/bid/22726

www.vupen.com/english/advisories/2007/0742

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.06 Low

EPSS

Percentile

93.3%

JSON

Related for PRION:CVE-2007-1136