CVE-2007-1382 : The PHP COM extensions for PHP on Windows systems allow context-dependent attack

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

Published 2007-03-10 00:19:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2007-1382

PHP » Com Extensions
cpe:2.3:a:php:com_extensions:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » All Windows » Version: Abstract Cpe

Exploit prediction scoring system (EPSS) score for CVE-2007-1382

EPSS FAQ

0.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 43 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2007-1382

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2007-1382

https://www.exploit-db.com/exploits/3429

Jump to

Vulnerability Details : CVE-2007-1382

Products affected by CVE-2007-1382

Exploit prediction scoring system (EPSS) score for CVE-2007-1382

CVSS scores for CVE-2007-1382

References for CVE-2007-1382