Lucene search

MitreCVE-2007-1060

HistoryFeb 22, 2007 - 12:28 a.m.

CVE-2007-1060

2007-02-2200:28:00

mitre

web.nvd.nist.gov

interspire sendstudio

php

remote file inclusion

vulnerability

nvd

security

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.355

Percentile

97.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

Affected configurations

Nvd

Node

interspiresendstudioRange≤2004.14

VendorProductVersionCPE
interspiresendstudio*cpe:2.3:a:interspire:sendstudio:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
interspire	sendstudio	*	cpe:2.3:a:interspire:sendstudio::::::::

References

advisories.echo.or.id/adv/adv66-K-159-2007.txt

osvdb.org/33264

osvdb.org/33265

secunia.com/advisories/24212

www.securityfocus.com/archive/1/460964/100/0/threaded

www.securityfocus.com/archive/1/461019/100/0/threaded

www.securityfocus.com/bid/22642

www.vupen.com/english/advisories/2007/0672

exchange.xforce.ibmcloud.com/vulnerabilities/32602

www.exploit-db.com/exploits/3348

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.355

Percentile

97.2%

JSON

Related for CVE-2007-1060