Lucene search

MitreCVE-2007-5822

HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5822

2007-11-0519:46:00

CWE-94

mitre

web.nvd.nist.gov

cve

2007

5822

code injection

vulnerability

forum.php

ben ng scribe

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.025

Percentile

90.3%

JSON

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and earlier allows remote attackers to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

Affected configurations

Nvd

Node

scribescribeMatch0.2

VendorProductVersionCPE
scribescribe0.2cpe:2.3:a:scribe:scribe:0.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scribe	scribe	0.2	cpe:2.3:a:scribe:scribe:0.2:::::::*

References

osvdb.org/45287

securityreason.com/securityalert/3339

www.inj3ct-it.org/exploit/scribe.txt

www.securityfocus.com/archive/1/483183/100/0/threaded

www.securityfocus.com/bid/26302

www.vupen.com/english/advisories/2007/3746

exchange.xforce.ibmcloud.com/vulnerabilities/38227

www.exploit-db.com/exploits/4596

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

High

EPSS

0.025

Percentile

90.3%

JSON

Related for CVE-2007-5822