Lucene search

MitreCVE-2007-6289

HistoryDec 10, 2007 - 6:46 p.m.

CVE-2007-6289

2007-12-1018:46:00

CWE-94

mitre

web.nvd.nist.gov

serweb

php

remote file inclusion

vulnerability

cve-2007-6289

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.09

Percentile

94.7%

JSON

Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 dev1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SERWEB[configdir] parameter to load_lang.php, (2) _SERWEB[functionsdir] parameter to main_prepend.php, and the (3) _PHPLIB[libdir] parameter to load_phplib.php, different vectors than CVE-2007-3359 and CVE-2007-3358.

Affected configurations

Nvd

Node

iptelserwebRange≤2.0.0dev1

VendorProductVersionCPE
iptelserweb*cpe:2.3:a:iptel:serweb:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
iptel	serweb	*	cpe:2.3:a:iptel:serweb::::::::

References

www.securityfocus.com/bid/26747

exchange.xforce.ibmcloud.com/vulnerabilities/38906

www.exploit-db.com/exploits/4696

www.exploit-db.com/exploits/9284

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.09

Percentile

94.7%

JSON

Related for CVE-2007-6289