7.5
CVE-2007-5440
- EPSS 3.22%
- Veröffentlicht 14.10.2007 17:17:00
- Zuletzt bearbeitet 16.06.2026 22:46:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.22% | 0.866 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://securityvulns.com/source26994.html
http://www.securityfocus.com/archive/1/482006/100/0/threaded
http://securityreason.com/securityalert/3216
http://osvdb.org/43486
http://securityvulns.com/Rdocument959.html
http://www.securityfocus.com/bid/26034