CVE-2007-2001

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/24862
http://www.osvdb.org/34817
https://www.exploit-db.com/exploits/3701
http://secunia.com/advisories/24862
http://www.osvdb.org/34817
https://www.exploit-db.com/exploits/3701

Configurations

Configuration 1 (hide)

cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:29

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/24862 -~~	() http://secunia.com/advisories/24862 -
References	~~() http://www.osvdb.org/34817 -~~	() http://www.osvdb.org/34817 -
References	~~() https://www.exploit-db.com/exploits/3701 -~~	() https://www.exploit-db.com/exploits/3701 -

Information

Published : 2007-04-12 19:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-2001

Mitre link : CVE-2007-2001

CVE.ORG link : CVE-2007-2001

JSON object : View

Products Affected

crea-book

crea-book

CWE

NVD-CWE-Other

{"id": "CVE-2007-2001", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-04-12T19:19:00.000", "references": [{"url": "http://secunia.com/advisories/24862", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/34817", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3701", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24862", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/34817", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3701", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the \"Fond de la page\" (background color) field and other unspecified fields, which injects into config.inc.php3."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n directa de c\u00f3digo est\u00e1tico en admin/configurer2.php de Crea-Book 1.0 y versiones anteriores permite a administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante el campo \"Fond de la page\" (color de fondo) y otros campos no especificados, que inyectan en config.inc.php3."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6413CE2A-D900-4E4B-BCD1-0E07F1EC3F9D", "versionEndIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}