7.5

CVE-2007-1035

EPSS 1.11%
Published 21.02.2007 11:28:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Drupal ≫ Audio Module

Drupal ≫ Getid3 Version1.7.1

Drupal ≫ Mediafield Module

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.11%	0.772

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module

http://drupal.org/node/119385

Patch

Vendor Advisory

http://osvdb.org/35161

http://www.securityfocus.com/bid/22587

Patch

http://www.vupen.com/english/advisories/2007/0635

https://exchange.xforce.ibmcloud.com/vulnerabilities/32542

https://nvd.nist.gov/vuln/detail/CVE-2007-1035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1035

EUVD