Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2007-5914
Last Modified 15 Nov 2008 02:02:38
Published 09 Nov 2007 09:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5914

Summary

Direct static code injection vulnerability in dirsys/modules/config/post.php in JBC Explorer 7.20 RC1 and earlier allows remote authenticated administrators to inject arbitrary PHP code via the DEBUG parameter, which can be executed by accessing config.inc.php. NOTE: this can be exploited by unauthenticated remote attackers by leveraging CVE-2007-5913.

Vulnerable Systems

Application

  • Jean Charles JBC Explorer 7.20 RC1


References

BUGTRAQ - 20071104 JBC Explorer <= V7.20 RC 1 Remote Code Execution Exploit

MILW0RM - 4608

SECUNIA - 27533

OSVDB - 42070

MISC - http://mgsdl.free.fr/?1:33

SREASON - 3358


Last Updated: 27 May 2016 10:46:19