7.5

CVE-2007-0182

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attackers to execute arbitrary PHP code via a URL in the _config[site_path] parameter to (1) admin_password.php, (2) add_welcome_text.php, (3) admin_email.php, (4) add_templates.php, (5) admin_paypal_email.php, (6) approve_member.php, (7) delete_member.php, (8) index.php, (9) list_members.php, (10) membership_pricing.php, or (11) send_email.php in admin/; (12) config.php or (13) db_config.php in include/; or (14) add_category.php, (15) add_news.php, (16) change_catalog_template.php, (17) couple_milestone.php, (18) couple_profile.php, (19) delete_category.php, (20) index.php, (21) login.php, (22) logout.php, (23) register.php, (24) upload_photo.php, (25) user_catelog_password.php, (26) user_email.php, (27) user_extend.php, or (28) user_membership_password.php in user/.  NOTE: the include/common_function.php vector is already covered by another candidate from the same date.
Data is provided by the National Vulnerability Database (NVD).
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 4.55% 0.904
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:P
No CWE information has been published yet.