CVE-2007-6585

Опубликовано: 28 дек. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in confirmUnsubscription.php in NmnNewsletter 1.0.7 allows remote attackers to execute arbitrary PHP code via a URL in the output parameter.

Ссылки

http://secunia.com/advisories/28245
Vendor Advisory
http://www.osvdb.org/39641
http://www.securityfocus.com/bid/26985
http://www.vupen.com/english/advisories/2007/4320
https://exchange.xforce.ibmcloud.com/vulnerabilities/39217
https://www.exploit-db.com/exploits/4763
http://secunia.com/advisories/28245
Vendor Advisory
http://www.osvdb.org/39641
http://www.securityfocus.com/bid/26985
http://www.vupen.com/english/advisories/2007/4320
https://exchange.xforce.ibmcloud.com/vulnerabilities/39217
https://www.exploit-db.com/exploits/4763

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nmnnewsletter:nmnnewsletter:1.0.7:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08004

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-rxxr-c2rf-78wm

github

почти 4 года назад