Lucene search

[email protected]NVD:CVE-2007-4925

HistorySep 18, 2007 - 6:17 p.m.

CVE-2007-4925

2007-09-1818:17:00

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment Client (ePC) 1.60 and 1.70 allows remote attackers to execute arbitrary commands via shell metacharacters in the paymentinfo parameter to simplePHPLinux/3payment_receive.php.

Affected configurations

Nvd

Node

ewirepayment_clientMatch1.60

ewirepayment_clientMatch1.70

VendorProductVersionCPE
ewirepayment_client1.60cpe:2.3:a:ewire:payment_client:1.60:*:*:*:*:*:*:*
ewirepayment_client1.70cpe:2.3:a:ewire:payment_client:1.70:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ewire	payment_client	1.60	cpe:2.3:a:ewire:payment_client:1.60:::::::*
ewire	payment_client	1.70	cpe:2.3:a:ewire:payment_client:1.70:::::::*

References

osvdb.org/40523

secunia.com/advisories/26780

www.fortconsult.net/images/pdf/advisory_feb2007.pdf

www.securityfocus.com/bid/25683

www.vupen.com/english/advisories/2007/3183

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.043

Percentile

92.5%

JSON

Related for NVD:CVE-2007-4925

exploitdb1 cve1 prion1 cvelist1