Lucene search

[email protected]CVE-2007-1010

HistoryFeb 21, 2007 - 11:28 a.m.

CVE-2007-1010

2007-02-2111:28:00

[email protected]

web.nvd.nist.gov

cve-2007-1010

php

remote file inclusion

zebrafeeds

vulnerability

url

arbitrary code

newsfeeds

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.569 Medium

EPSS

Percentile

97.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/.

Affected configurations

NVD

Node

zebrafeedszebrafeedsMatch1.0

CPENameOperatorVersion
zebrafeeds:zebrafeedszebrafeedseq1.0

CPE	Name	Operator	Version
zebrafeeds:zebrafeeds	zebrafeeds	eq	1.0

References

cazalet.org/category/zebrafeeds

cazalet.org/zebrafeeds/forums/viewtopic.php?pid=358

osvdb.org/33205

osvdb.org/33206

secunia.com/advisories/24162

www.securityfocus.com/bid/22576

www.vupen.com/english/advisories/2007/0622

exchange.xforce.ibmcloud.com/vulnerabilities/32507

www.exploit-db.com/exploits/3314

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.569 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2007-1010

prion1 nvd1 checkpoint_advisories1 cvelist1 securityvulns1