CVE-2007-2001 - Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and

CVE-2007-2001

Summary

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

References

http://secunia.com/advisories/24862
http://www.osvdb.org/34817
https://www.exploit-db.com/exploits/3701

Vulnerable Configurations

cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*
cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 11-10-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

exploit-db	3701
osvdb	34817
secunia	24862

Last major update

11-10-2017 - 01:32

Published

12-04-2007 - 19:19

Last modified

11-10-2017 - 01:32