Lucene search

MitreCVE-2007-5100

HistorySep 26, 2007 - 10:17 p.m.

CVE-2007-5100

2007-09-2622:17:00

CWE-94

mitre

web.nvd.nist.gov

cve

2007

5100

php

remote

file inclusion

vulnerability

phpbb plus

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.117

Percentile

95.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.

Affected configurations

Nvd

Node

phpbbphpbb_plusRange≤1.53a

phpbbphpbb_plusMatch1.53

VendorProductVersionCPE
phpbbphpbb_plus*cpe:2.3:a:phpbb:phpbb_plus:*:*:*:*:*:*:*:*
phpbbphpbb_plus1.53cpe:2.3:a:phpbb:phpbb_plus:1.53:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpbb	phpbb_plus	*	cpe:2.3:a:phpbb:phpbb_plus::::::::
phpbb	phpbb_plus	1.53	cpe:2.3:a:phpbb:phpbb_plus:1.53:::::::*

References

osvdb.org/38723

osvdb.org/38724

osvdb.org/38725

secunia.com/advisories/26888

www.phpbb2.de/ftopic45218.html

www.securityfocus.com/bid/25776

www.vupen.com/english/advisories/2007/3247

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.117

Percentile

95.4%

JSON

Related for CVE-2007-5100