Lucene search

[email protected]NVD:CVE-2007-5178

HistoryOct 03, 2007 - 2:17 p.m.

CVE-2007-5178

2007-10-0314:17:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.213

Percentile

96.5%

JSON

contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB places a critical security check within a comment because of a missing comment delimiter, which allows remote attackers to conduct remote file inclusion attacks and execute arbitrary PHP code via a URL in the mx_root_path parameter. NOTE: some sources incorrectly state that phpbb_root_path is the affected parameter.

Affected configurations

Nvd

Node

mxbbmx_glanceMatch2.3.3

VendorProductVersionCPE
mxbbmx_glance2.3.3cpe:2.3:a:mxbb:mx_glance:2.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mxbb	mx_glance	2.3.3	cpe:2.3:a:mxbb:mx_glance:2.3.3:::::::*

References

osvdb.org/37400

secunia.com/advisories/27011

www.attrition.org/pipermail/vim/2007-October/001807.html

www.attrition.org/pipermail/vim/2007-October/001808.html

www.securityfocus.com/bid/25866

www.vupen.com/english/advisories/2007/3326

exchange.xforce.ibmcloud.com/vulnerabilities/36867

www.exploit-db.com/exploits/4470

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.213

Percentile

96.5%

JSON

Related for NVD:CVE-2007-5178

cvelist1 exploitdb1 cve1 prion1