Lucene search

[email protected]CVE-2007-4328

HistoryAug 14, 2007 - 12:17 a.m.

CVE-2007-4328

2007-08-1400:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-4328

php

remote file inclusion

mapos bilder galerie

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.

Affected configurations

NVD

Node

mapos_scriptsbilder_galerieMatch1.0

mapos_scriptsbilder_galerieMatch1.1

CPENameOperatorVersion
mapos_scripts:bilder_galeriemapos scripts bilder galerieeq1.0
mapos_scripts:bilder_galeriemapos scripts bilder galerieeq1.1

CPE	Name	Operator	Version
mapos_scripts:bilder_galerie	mapos scripts bilder galerie	eq	1.0
mapos_scripts:bilder_galerie	mapos scripts bilder galerie	eq	1.1

References

osvdb.org/36455

osvdb.org/36456

osvdb.org/36457

secunia.com/advisories/26400

securityreason.com/securityalert/2999

www.securityfocus.com/archive/1/475952/100/0/threaded

www.securityfocus.com/bid/25256

www.vupen.com/english/advisories/2007/2838

exchange.xforce.ibmcloud.com/vulnerabilities/35923

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

Low

0.101 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2007-4328

cvelist1 prion1 nvd1