6.2

CVE-2007-1370

EPSS 0.05%
Published 09.03.2007 22:19:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and certain other files, which allows local users to gain root privileges by modifying the files.  NOTE: this only occurs when safe_mode and open_basedir are disabled; other settings require leverage for other vulnerabilities.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Zend ≫ Zend Platform Version2.2.1a

Zend ≫ Zend Platform Version2.2.1a Updatea

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.128

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.2	1.9	10	AV:L/AC:H/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/24501

http://www.vupen.com/english/advisories/2007/0829

http://www.zend.com/products/zend_platform/security_vulnerabilities

Vendor Advisory

http://www.osvdb.org/32772

http://www.php-security.org/MOPB/BONUS-06-2007.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/22801

https://exchange.xforce.ibmcloud.com/vulnerabilities/32825

https://nvd.nist.gov/vuln/detail/CVE-2007-1370

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1370

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1370

EUVD