CVE-2007-1035
Severity Score
7.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
Vulnerabilidad sin especificar en ciertas secuencias de comandos de demostración en el getID3 1.7.1, como la utilizada en los módulos Mediafield y Audio para el Drupal, permite a atacantes remotos leer y borrar ficheros de su elección, listar directorios de su elección y escribir en ficheros vacíos o .mp3 mediante vectores desconocidos.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-20 CVE Reserved
- 2007-02-21 CVE Published
- 2024-02-02 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module | X_refsource_misc | |
| http://osvdb.org/35161 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/0635 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/32542 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://drupal.org/node/119385 | 2017-07-29 | |
| http://www.securityfocus.com/bid/22587 | 2017-07-29 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Drupal Search vendor "Drupal" | Audio Module Search vendor "Drupal" for product "Audio Module" | * | - |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Getid3 Search vendor "Drupal" for product "Getid3" | 1.7.1 Search vendor "Drupal" for product "Getid3" and version "1.7.1" | - |
Affected
| ||||||
| Drupal Search vendor "Drupal" | Mediafield Module Search vendor "Drupal" for product "Mediafield Module" | * | - |
Affected
| ||||||