[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

247213

 
 

909

 
 

194329

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-5056Date: (C)2007-09-24   (M)2023-12-22


Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.attrition.org/pipermail/vim/2007-September/001800.html
BID-25768
SECUNIA-26928
SECUNIA-28859
SECUNIA-28873
SECUNIA-28874
SECUNIA-28886
OSVDB-40596
OSVDB-41422
OSVDB-41426
OSVDB-41427
OSVDB-41428
EXPLOIT-DB-4442
EXPLOIT-DB-5090
EXPLOIT-DB-5091
EXPLOIT-DB-5097
EXPLOIT-DB-5098
ADV-2007-3261
cmsmadesimple-adodbperfmod-code-execution(36733)
journalness-lastmodule-code-execution(40393)
openrealty-lastmodule-code-execution(40395)
pacercms-lastmodule-code-execution(40389)
sapidcmf-lastmodule-code-execution(40396)

CPE    1
cpe:/a:cmsmadesimple:cms_made_simple
CWE    1
CWE-94

© SecPod Technologies