Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5230

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5230
Last Modified 05 Sep 2008 05:30:12
Published 05 Oct 2007 07:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5230

Summary

admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for administrative credentials, which allows remote attackers to perform administrative actions via a direct request. NOTE: this can be leveraged for code execution by exploiting CVE-2007-5231.

Vulnerable Systems

Application

  • Zomplog 3.7

  • Zomplog 3.7.6

  • Zomplog 3.8

  • Zomplog 3.8.1


References

BID - 25861

SECUNIA - 27028

MILW0RM - 4466


Last Updated: 27 May 2016 10:46:06