CVE-2007-6218

Ossigeno CMS 2.2_pre1 - '/ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php?ossigeno' Remote File Inclusion

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 pre1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) level parameter to (a) install_module.php and (b) uninstall_module.php in upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, and (d) install_module.php and (e) uninstall_module.php in upload/xax/ossigeno/admin/; and the (2) ossigeno parameter to (f) ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, different vectors than CVE-2007-5234.

Múltiples vulnerabilidades PHP de inclusión remota de archivo en Ossigeno CMS 2.2 pre1 permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro (1) level en (a) install_module.php y (b) uninstall_module.php en upload/xax/admin/modules/, (c) upload/xax/admin/patch/index.php, y (d) install_module.php y (e) uninstall_module.php en upload/xax/ossigeno/admin/; y el parámetro (2) ossigeno en (f)ossigeno_modules/ossigeno-catalogo/xax/ossigeno/catalogo/common.php, en vectores diferentes que CVE-2007-5234.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-11-30 First Exploit
2007-12-04 CVE Reserved
2007-12-04 CVE Published
2024-08-07 CVE Updated
2024-08-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (14)

URL	Tag	Source
http://osvdb.org/44312	Vdb Entry
http://osvdb.org/44313	Vdb Entry
http://osvdb.org/44314	Vdb Entry
http://osvdb.org/44315	Vdb Entry
http://osvdb.org/44316	Vdb Entry
http://osvdb.org/44317	Vdb Entry
http://www.packetstormsecurity.org/0711-exploits/ossigeno22-rfi.txt	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/30831	2007-11-30
https://www.exploit-db.com/exploits/30826	2007-11-30
https://www.exploit-db.com/exploits/30827	2007-11-30
https://www.exploit-db.com/exploits/30828	2007-11-30
https://www.exploit-db.com/exploits/30829	2007-11-30
https://www.exploit-db.com/exploits/30830	2007-11-30
http://www.securityfocus.com/bid/26654	2024-08-07

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ossigeno Search vendor "Ossigeno"		Cms Search vendor "Ossigeno" for product "Cms"				2.2_pre1 Search vendor "Ossigeno" for product "Cms" and version "2.2_pre1"		-		Affected