// For flags

CVE-2007-6396

Flat PHP Board 1.2 - Multiple Vulnerabilities

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Direct static code injection vulnerability in index.php in Flat PHP Board 1.2 and earlier allows remote attackers to inject arbitrary PHP code via the (1) username, (2) password, and (3) email parameters when registering a user account, which can be executed by accessing the user's php file for this account. NOTE: similar code injection might be possible in a user profile.

Vulnerabilidad de inyección de código estático en index.php de Flat PHP Board 1.2 y anteriores permite a atacantes remotos inyectar código PHP de su elección mediante los parámetros (1) username, (2) password, y (3) email al registrar una cuenta de usuario, el cual puede ser ejecutado para acceder el fichero php del usuario para esta cuenta. NOTA: una inyección de código similar podría ser posible en el perfil del usuario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2007-12-17 CVE Reserved
  • 2007-12-17 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Myupb
Search vendor "Myupb"
 Flat Php Board
Search vendor "Myupb" for product "Flat Php Board"
 1.2
Search vendor "Myupb" for product "Flat Php Board" and version "1.2"
-
Affected