Lucene search
MitreCVE-2007-1382HistoryMar 10, 2007 - 12:19 a.m.
CVE-2007-1382
2007-03-1000:19:00
mitre
web.nvd.nist.gov
35
php
com extension
windows
arbitrary code execution
wscript.shell
safe mode bypass
cve-2007-1382
CVSS2
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0
Percentile
10.4%
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP’s safe mode.
Affected configurations
Node
microsoftall_windowsMatchabstract_cpe
phpcom_extensions
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | all_windows | abstract_cpe | cpe:2.3:o:microsoft:all_windows:abstract_cpe:*:*:*:*:*:*:* |
| php | com_extensions | * | cpe:2.3:a:php:com_extensions:*:*:*:*:*:*:*:* |
References
Related
prion
prion
Code injection
2007-03-10 00:19:00
exploitdb
exploitdb
securityvulns
securityvulns
PHP COM extension safe_mode protection bypass
2007-03-10 00:00:00
cvelist
cvelist
CVE-2007-1382
2007-03-10 00:00:00
nvd
nvd
CVE-2007-1382
2007-03-10 00:19:00
CVSS2
6.8
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
AI Score
7.6
Confidence
High
EPSS
0
Percentile
10.4%
Related for CVE-2007-1382