Lucene search

[email protected]CVE-2007-2076

HistoryApr 18, 2007 - 3:19 a.m.

CVE-2007-2076

2007-04-1803:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2076

php

remote file inclusion

maian gallery 1.0

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

JSON

PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating “this problem existed only briefly in v1.0.”

Affected configurations

NVD

Node

maiangalleryMatch1.0

CPENameOperatorVersion
maian:gallerymaian galleryeq1.0

CPE	Name	Operator	Version
maian:gallery	maian gallery	eq	1.0

References

archives.neohapsis.com/archives/bugtraq/2007-04/0244.html

attrition.org/pipermail/vim/2007-April/001530.html

www.osvdb.org/34149

www.securityfocus.com/archive/1/465732/100/0/threaded

www.securityfocus.com/archive/1/465853/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33692

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2007-2076

prion1 cvelist1 nvd1 securityvulns1