CVE-2007-2093

Sažetak

Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

Reference

http://secunia.com/advisories/24904
http://securityreason.com/securityalert/2590
http://www.securityfocus.com/archive/1/465864/100/0/threaded
http://www.securityfocus.com/bid/23503
http://www.vupen.com/english/advisories/2007/1393
https://exchange.xforce.ibmcloud.com/vulnerabilities/33666
https://www.exploit-db.com/exploits/3735

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:41

Objavljeno

18-04-2007 - 10:19