CVE-2007-2501

Опубликовано: 04 мая 2007

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.

Ссылки

http://codepress.sourceforge.net/changelog.php
Patch
http://osvdb.org/36484
http://secunia.com/advisories/25124
Patch
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=505510
http://www.securityfocus.com/bid/23788
http://www.vupen.com/english/advisories/2007/1638
https://exchange.xforce.ibmcloud.com/vulnerabilities/34055
http://codepress.sourceforge.net/changelog.php
Patch
http://osvdb.org/36484
http://secunia.com/advisories/25124
Patch
Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=505510
http://www.securityfocus.com/bid/23788
http://www.vupen.com/english/advisories/2007/1638
https://exchange.xforce.ibmcloud.com/vulnerabilities/34055

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fernando_m.a.d.s.:codepress:*:*:*:*:*:*:*:*

Версия до 0.9.3 (включая)

EPSS

Процентиль: 87%

0.03286

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-fp9p-v798-8f32

github

почти 4 года назад