Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-6652
Last Modified: 15 Nov 2008 02:05:44
Published: 04 Jan 2008 06:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-6652

Summary

cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct direct static code injection attacks and execute arbitrary code via the testo_0 parameter in a cpie admin action to index.php, which writes to dati/generali/footer.dtb (aka the XCMS footer).

Vulnerable Systems

Application

  • Xcms 1.83


References

MILW0RM - 4813

OSVDB - 40277

XF - xcms-cpie-code-execution(39346)

SECUNIA - 28256


Last Updated: 27 May 2016 10:46:35