CVE-2007-2167

Опубликовано: 22 апр. 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

Ссылки

http://secunia.com/advisories/24955
http://www.securityfocus.com/bid/23573
http://www.vupen.com/english/advisories/2007/1447
http://www.x-pose.org/aimstats.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/33742
https://www.exploit-db.com/exploits/3762
http://secunia.com/advisories/24955
http://www.securityfocus.com/bid/23573
http://www.vupen.com/english/advisories/2007/1447
http://www.x-pose.org/aimstats.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/33742
https://www.exploit-db.com/exploits/3762

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:aimstats:aimstats:3.2:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04865

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-5q5m-mjqc-gj8w

github

почти 4 года назад