Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5934


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5934
Last Modified 07 Mar 2011 10:01:31
Published 13 Nov 2007 05:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request to store a URL string as a request to retrieve and store the contents of the URL, which might allow remote attackers to use MDB2 as an indirect proxy or obtain sensitive information via a URL into a form field in an MDB2 application, as demonstrated by a file:// URL or a URL for an intranet web site.

Vulnerable Systems


  • Pear Structures Datagrid Datasource Mdb2 2.5.0


VUPEN - ADV-2007-3806

BID - 26382

SECUNIA - 27572



OSVDB - 42107

MLIST - [PEAR-CVS] 20070503 cvs: pear /MDB2 MDB2.php package.php /MDB2/MDB2/Driver mysql.php mysqli.php oci8.php pgs

FEDORA - FEDORA-2007-3369

GENTOO - GLSA-200712-05

SECUNIA - 27983

SECUNIA - 27626


Last Updated: 27 May 2016 10:46:20