CVE-2007-1155

EPSS 0.45%
Published 02.03.2007 21:18:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature.  NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Webspell ≫ Webspell

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.45%	0.605

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://securityreason.com/securityalert/2337

http://www.securityfocus.com/archive/1/460937/100/0/threaded

https://exchange.xforce.ibmcloud.com/vulnerabilities/32670

https://nvd.nist.gov/vuln/detail/CVE-2007-1155

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1155

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1155

EUVD