Vulnerability Details CVE-2007-0599
Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://acid-root.new.fr/poc/21070125.txt
- http://osvdb.org/33596
- http://www.securityfocus.com/archive/1/458076/100/0/threaded
- http://www.securityfocus.com/archive/1/458123/100/0/threaded
- http://acid-root.new.fr/poc/21070125.txt
- http://osvdb.org/33596
- http://www.securityfocus.com/archive/1/458076/100/0/threaded
- http://www.securityfocus.com/archive/1/458123/100/0/threaded
Products affected by CVE-2007-0599
-
cpe:2.3:a:aztek_forum:aztek_forum:4.0