CVE-2007-3292
Published Jun 20, 2007
Last updated 7 years ago
Overview
- Description
- Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier allows remote attackers to upload and execute arbitrary PHP code by specifying a PHP file type in a parameter intended for "a small image" associated with an article.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:livecms:livecms:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6729E06-BC0B-403F-A371-D05A1AC71D6B"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7433D100-7F85-4362-A9A3-A146A248A713"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3_rc1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0B602AF-2B86-46C8-BF76-0DC7C10A90E8"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.3_rc2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43170132-46EB-444E-BE89-E0C337D2CE61"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99DF575A-7541-46F2-A64F-DAED8F9BE64C"
},
{
"criteria": "cpe:2.3:a:livecms:livecms:3.4a:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2594CC1-7A1D-454B-9CD9-C1DCE2BD31F8"
}
],
"operator": "OR"
}
]
}
]