Lucene search

[email protected]CVE-2007-0535

HistoryJan 26, 2007 - 1:28 a.m.

CVE-2007-0535

2007-01-2601:28:00

[email protected]

web.nvd.nist.gov

cve-2007-0535

eval injection

remote code execution

php

vulnerability

vote! pro 4.0

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.3%

JSON

Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

vote_provote_proRange≤4.0

CPENameOperatorVersion
vote_pro:vote_provote prole4.0

CPE	Name	Operator	Version
vote_pro:vote_pro	vote pro	le	4.0

References

osvdb.org/31606

secunia.com/advisories/23834

www.vupen.com/english/advisories/2007/0300

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

Low

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2007-0535

prion2 cvelist2 nvd2 cve1 securityvulns1