Lucene search

[email protected]CVE-2007-0189

HistoryJan 12, 2007 - 5:04 a.m.

CVE-2007-0189

2007-01-1205:04:00

[email protected]

web.nvd.nist.gov

cve-2007-0189

php

remote file inclusion

geobb

georgian bulletin board

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote attackers to execute arbitrary PHP code via a URL in the action parameter. NOTE: CVE disputes this issue, since GeoBB 1.0 sets $action to a whitelisted value

Affected configurations

NVD

Node

geobbgeorgian_bulletin_board

CPENameOperatorVersion
geobb:georgian_bulletin_boardgeobb georgian bulletin boardeq*

CPE	Name	Operator	Version
geobb:georgian_bulletin_board	geobb georgian bulletin board	eq	*

References

osvdb.org/33440

securityreason.com/securityalert/2141

www.attrition.org/pipermail/vim/2007-January/001230.html

www.securityfocus.com/archive/1/456251/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/31335

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2007-0189

nvd1 prion1 cvelist1 securityvulns1