Lucene search
HistoryMar 20, 2007 - 8:19 p.m.
CVE-2007-1525
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.145
Percentile
95.8%
Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php.
Affected configurations
Node
dayfox_designsdayfox_blogMatch4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| dayfox_designs | dayfox_blog | 4 | cpe:2.3:a:dayfox_designs:dayfox_blog:4:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2007-03-20 20:19:00
cvelist
cvelist
CVE-2007-1525
2007-03-20 20:00:00
exploitdb
exploitdb
Dayfox Blog 4 - 'postpost.php' Remote Code Execution
2007-03-14 00:00:00
cve
cve
CVE-2007-1525
2007-03-20 20:19:00
canvas
canvas
Immunity Canvas: DFBLOG4_EXEC
2007-03-20 20:19:00
securityvulns
securityvulns
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.145
Percentile
95.8%
Related for NVD:CVE-2007-1525