Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 8.5
CVE Id: CVE-2007-5453
Last Modified: 15 Nov 2008 02:01:02
Published: 14 Oct 2007 02:17:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2007-5453

Summary

Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow remote authenticated administrators to execute arbitrary code by writing PHP sequences to the php-stats-options record in the _options table, which is used in an eval function call by (1) admin.php, (2) click.php, (3) download.php, and unspecified other files, as demonstrated by modifying _options through a backup restore action in admin.php.

Vulnerable Systems

Application

  • Php-stats 0.1.9.2


References

BID - 26022

MILW0RM - 4513

OSVDB - 43480


Last Updated: 27 May 2016 10:46:10