Lucene search

[email protected]NVD:CVE-2007-5100

HistorySep 26, 2007 - 10:17 p.m.

CVE-2007-5100

2007-09-2622:17:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.117

Percentile

95.4%

JSON

Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, and 1.53a before 20070922, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) language/lang_german/lang_admin_album.php, (2) language/lang_english/lang_main_album.php, and (3) language/lang_english/lang_admin_album.php, different vectors than CVE-2007-5009.

Affected configurations

Nvd

Node

phpbbphpbb_plusRange≤1.53a

phpbbphpbb_plusMatch1.53

VendorProductVersionCPE
phpbbphpbb_plus*cpe:2.3:a:phpbb:phpbb_plus:*:*:*:*:*:*:*:*
phpbbphpbb_plus1.53cpe:2.3:a:phpbb:phpbb_plus:1.53:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpbb	phpbb_plus	*	cpe:2.3:a:phpbb:phpbb_plus::::::::
phpbb	phpbb_plus	1.53	cpe:2.3:a:phpbb:phpbb_plus:1.53:::::::*

References

osvdb.org/38723

osvdb.org/38724

osvdb.org/38725

secunia.com/advisories/26888

www.phpbb2.de/ftopic45218.html

www.securityfocus.com/bid/25776

www.vupen.com/english/advisories/2007/3247

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.117

Percentile

95.4%

JSON

Related for NVD:CVE-2007-5100

prion2 cve2 cvelist2 nvd1 canvas1 exploitdb1 nessus1