Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-5822

Published: 05/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Direct static code injection vulnerability in forum.php in Ben Ng Scribe 0.2 and previous versions allows remote malicious users to inject arbitrary PHP code into a certain file in regged/ via the username parameter in a Register action, possibly related to the register function in forumfunctions.php.

Vulnerable Product Search on Vulmon Subscribe to Product

scribe scribe 0.2

Exploits

Exploit DB: Scribe 0.2 - PHP Remote Code Execution
--------------------------------------------------------------- ____ __________ __ ____ __ /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ | |/ \ | | _(__ <_/ ___\ __\ ______ | \ __\ | | | \ | |/ \ \___| | /_____/ | || | |___|___| /\__| /______ /\_ ...

References

CWE-94http://www.inj3ct-it.org/exploit/scribe.txthttp://www.securityfocus.com/bid/26302http://securityreason.com/securityalert/3339http://osvdb.org/45287http://www.vupen.com/english/advisories/2007/3746https://exchange.xforce.ibmcloud.com/vulnerabilities/38227https://www.exploit-db.com/exploits/4596http://www.securityfocus.com/archive/1/483183/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/4596/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook