Lucene search

MitreCVE-2007-2141

HistoryApr 19, 2007 - 10:19 a.m.

CVE-2007-2141

2007-04-1910:19:00

mitre

web.nvd.nist.gov

cve

2007

2141

static code injection

vulnerability

shoutbox.php

shoutpro 1.5.2

remote attackers

php code

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.133

Percentile

95.6%

JSON

Direct static code injection vulnerability in shoutbox.php in ShoutPro 1.5.2 allows remote attackers to inject arbitrary PHP code into shouts.php via the shout parameter.

Affected configurations

Nvd

Node

shoutproshoutproRange≤1.5.2

VendorProductVersionCPE
shoutproshoutpro*cpe:2.3:a:shoutpro:shoutpro:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shoutpro	shoutpro	*	cpe:2.3:a:shoutpro:shoutpro::::::::

References

osvdb.org/34999

secunia.com/advisories/24939

securityreason.com/securityalert/2593

www.securityfocus.com/archive/1/466037/100/0/threaded

www.securityfocus.com/bid/23542

www.vupen.com/english/advisories/2007/1432

exchange.xforce.ibmcloud.com/vulnerabilities/33727

www.exploit-db.com/exploits/3758

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

High

EPSS

0.133

Percentile

95.6%

JSON

Related for CVE-2007-2141