CVE-2007-0986

{"id": "CVE-2007-0986", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-02-16T11:28:00.000", "references": [{"url": "http://mgsdl.free.fr/advisories/12070214.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33730", "source": "cve@mitre.org"}, {"url": "http://www.acid-root.new.fr/advisories/12070214.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/460076/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/460100/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22560", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32519", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3309", "source": "cve@mitre.org"}, {"url": "http://mgsdl.free.fr/advisories/12070214.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/33730", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.acid-root.new.fr/advisories/12070214.txt", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/460076/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/460100/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/22560", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32519", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3309", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5, when PHP 5.0.0 or later is used, allows remote attackers to execute arbitrary PHP code via an ftp URL in the n parameter."}, {"lang": "es", "value": "Vulnerabilidad PHP de inclusi\u00f3n remota de archivo en index.php en Jupiter CMS 1.1.5, cuando se utiliza PHP 5.0.0 o posterior, permite a atacantes remotos ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de una URL ftp en el par\u00e1metro n."}], "lastModified": "2024-11-21T00:27:14.030", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jupiter_cms:jupiter_cms:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB372559-61D8-4E8D-9ED2-DB7F211E8C78"}], "operator": "OR"}]}], "evaluatorImpact": "Successful exploitation requires that \"magic_quotes_gpc\" is disabled and that \"allow_url_fopen\" is enabled.", "evaluatorComment": "This vulnerability requires that Jupiter CMS 1.1.5 is used with PHP 5.0.0 or later.", "sourceIdentifier": "cve@mitre.org"}