Vulnerability Details : CVE-2007-5440
Multiple PHP remote file inclusion vulnerabilities in CRS Manager allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter to (1) index.php or (2) login.php. NOTE: this issue is disputed by CVE, since DOCUMENT_ROOT cannot be modified by an attacker
Vulnerability category: File inclusion
Products affected by CVE-2007-5440
- cpe:2.3:a:crs_manager:crs_manager:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5440
10.02%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5440
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-5440
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5440
-
http://securityreason.com/securityalert/3216
Vulnerabilities digest by different Russian speaking authors - CXSecurity.com
-
http://securityvulns.com/Rdocument959.html
CRS Manager ($DOCUMENT_ROOT) Multi Remote File Inclu... - vulnerability database | Vulners.comExploit
-
http://osvdb.org/43486
-
http://www.securityfocus.com/archive/1/482006/100/0/threaded
-
http://www.securityfocus.com/bid/26034
-
http://securityvulns.com/source26994.html
3proxy tiny free proxy server for Windows, Linux, Unix: SOCKS, HTTP, FTP proxy
Jump to