nvd-json-data-feeds/CVE-2007/CVE-2007-40xx/CVE-2007-4026.json

{
  "id": "CVE-2007-4026",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-07-26T19:30:00.000",
  "lastModified": "2017-07-29T01:32:41.317",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "epesi framework before 0.8.6 does not properly verify file extensions, which allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving the gallery images upload feature. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "epesi framework anterior al 0.8.6 no verifica las extensiones de los ficheros correctamente, lo que permite a atacantes remotos enviar y ejecutar c\u00f3digo PHP de su elecci\u00f3n a trav\u00e9s de vectores sin especificar implicando la caracter\u00edstica de transmisi\u00f3n de la galer\u00eda de im\u00e1genes. NOTA: algunos de estos detalles se obtienen a partir de la informaci\u00f3n de terceros."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:telaxus_llc:epesi:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "0.8.5",
              "matchCriteriaId": "24D88FEF-0196-4CBF-A07D-7F7371DCDE04"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://osvdb.org/38600",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://secunia.com/advisories/26175",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://sourceforge.net/project/shownotes.php?release_id=527102",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35596",
      "source": "cve@mitre.org"
    }
  ]
}