Lucene search

[email protected]CVE-2007-2093

HistoryApr 18, 2007 - 10:19 a.m.

CVE-2007-2093

2007-04-1810:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2093

code injection

limesoft guestbook

ls simple guestbook

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.1%

JSON

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

Affected configurations

NVD

Node

limesoftlimesoft_guestbookMatch1.0

CPENameOperatorVersion
limesoft:limesoft_guestbooklimesoft limesoft guestbookeq1.0

CPE	Name	Operator	Version
limesoft:limesoft_guestbook	limesoft limesoft guestbook	eq	1.0

References

secunia.com/advisories/24904

securityreason.com/securityalert/2590

www.securityfocus.com/archive/1/465864/100/0/threaded

www.securityfocus.com/bid/23503

www.vupen.com/english/advisories/2007/1393

exchange.xforce.ibmcloud.com/vulnerabilities/33666

www.exploit-db.com/exploits/3735

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.1%

JSON

Related for CVE-2007-2093

prion1 canvas1 cvelist1 nvd1