Lucene search

MitreCVE-2007-2545

HistoryMay 09, 2007 - 1:19 a.m.

CVE-2007-2545

2007-05-0901:19:00

mitre

web.nvd.nist.gov

cve

2007

2545

persism cms

remote file inclusion

php

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.376

Percentile

97.2%

JSON

Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php, (4) forums/blocks/latest_posts.php, (5) groups/headerfile.php, (6) links/blocks/links.php, (7) menu/headerfile.php, (8) news/blocks/latest_news.php, (9) settings/headerfile.php, or (10) users/headerfile.php, in modules/.

Affected configurations

Nvd

Node

persism_cmspersism_cmsRange≤0.9.2

VendorProductVersionCPE
persism_cmspersism_cms*cpe:2.3:a:persism_cms:persism_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
persism_cms	persism_cms	*	cpe:2.3:a:persism_cms:persism_cms::::::::

References

osvdb.org/37767

osvdb.org/37768

osvdb.org/37769

osvdb.org/37770

osvdb.org/37771

osvdb.org/37772

osvdb.org/37773

osvdb.org/37774

osvdb.org/37775

osvdb.org/37776

www.securityfocus.com/bid/23828

www.vupen.com/english/advisories/2007/1671

exchange.xforce.ibmcloud.com/vulnerabilities/34102

www.exploit-db.com/exploits/3853

Social References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.376

Percentile

97.2%

JSON

Related for CVE-2007-2545