// For flags

CVE-2007-1035

 

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

Vulnerabilidad sin especificar en ciertas secuencias de comandos de demostración en el getID3 1.7.1, como la utilizada en los módulos Mediafield y Audio para el Drupal, permite a atacantes remotos leer y borrar ficheros de su elección, listar directorios de su elección y escribir en ficheros vacíos o .mp3 mediante vectores desconocidos.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-02-20 CVE Reserved
  • 2007-02-21 CVE Published
  • 2024-02-02 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Drupal
Search vendor "Drupal"
Audio Module
Search vendor "Drupal" for product "Audio Module"
*-
Affected
Drupal
Search vendor "Drupal"
Getid3
Search vendor "Drupal" for product "Getid3"
1.7.1
Search vendor "Drupal" for product "Getid3" and version "1.7.1"
-
Affected
Drupal
Search vendor "Drupal"
Mediafield Module
Search vendor "Drupal" for product "Mediafield Module"
*-
Affected