Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5056

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5056
Last Modified 07 Mar 2011 10:00:00
Published 24 Sep 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5056

Summary

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

Vulnerable Systems

Application

  • Adodb Lite 1.42

  • Cmsmadesimple Cms Made Simple

  • Journalness

  • Open-realty

  • Pacercms

  • Sapid Cmf


References

XF - sapidcmf-lastmodule-code-execution(40396)

XF - openrealty-lastmodule-code-execution(40395)

XF - journalness-lastmodule-code-execution(40393)

XF - pacercms-lastmodule-code-execution(40389)

XF - cmsmadesimple-adodbperfmod-code-execution(36733)

VUPEN - ADV-2007-3261

BID - 25768

MILW0RM - 5098

MILW0RM - 5097

MILW0RM - 5091

MILW0RM - 5090

MILW0RM - 4442

VIM - 20070924 CMS Made Simple eval injection is really an ADOdb Lite problem

SECUNIA - 28886

SECUNIA - 28874

SECUNIA - 28873

SECUNIA - 28859

SECUNIA - 26928

OSVDB - 41428

OSVDB - 41427

OSVDB - 41426

OSVDB - 41422

OSVDB - 40596


Last Updated: 27 May 2016 10:46:02