CVE-2007-5234

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5234
PHP remote file inclusion vulnerability in upload/common/footer.php in Ossigeno CMS 2.2 alpha3 allows remote attackers to execute arbitrary PHP code via a URL in the level parameter.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://nicenamecrew.com/exploits/Ossigeno-script.txt URL Repurposed
http://www.securityfocus.com/bid/25924
https://exchange.xforce.ibmcloud.com/vulnerabilities/36949
https://www.exploit-db.com/exploits/4483
http://nicenamecrew.com/exploits/Ossigeno-script.txt URL Repurposed
http://www.securityfocus.com/bid/25924
https://exchange.xforce.ibmcloud.com/vulnerabilities/36949
https://www.exploit-db.com/exploits/4483
Configurations

Configuration 1 (hide)

cpe:2.3:a:ossigeno:ossigeno:2.2_alpha3:*:*:*:*:*:*:*
History

21 Nov 2024, 00:37

Type Values Removed Values Added
References () http://nicenamecrew.com/exploits/Ossigeno-script.txt - URL Repurposed () http://nicenamecrew.com/exploits/Ossigeno-script.txt - URL Repurposed
References () http://www.securityfocus.com/bid/25924 - () http://www.securityfocus.com/bid/25924 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/36949 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/36949 -
References () https://www.exploit-db.com/exploits/4483 - () https://www.exploit-db.com/exploits/4483 -

14 Feb 2024, 01:17

Type Values Removed Values Added
References (MISC) http://nicenamecrew.com/exploits/Ossigeno-script.txt - (MISC) http://nicenamecrew.com/exploits/Ossigeno-script.txt - URL Repurposed
Information

Published : 2007-10-05 23:17

Updated : 2024-11-21 00:37

NVD link : CVE-2007-5234

Mitre link : CVE-2007-5234

CVE.ORG link : CVE-2007-5234

JSON object : View

Products Affected

ossigeno

  • ossigeno
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024