Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6218

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6218
Last Modified 15 Nov 2008 02:03:50
Published 04 Dec 2007 12:46:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6218

Summary

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.

Vulnerable Systems

Application

  • Ossigeno Cms 2.2 Pre1


References

BID - 26654

MISC - http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt

OSVDB - 44317

OSVDB - 44316

OSVDB - 44315

OSVDB - 44314

OSVDB - 44313

OSVDB - 44312


Last Updated: 27 May 2016 10:46:24