Информационная безопасность
[RU] switch to English


CVECVE-2007-1035
СтатусCandidate
ОписаниеUnspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
Важность
High
CVSS score7
CVSS vector(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
PhaseAssigned (20.02.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1035
ReferencesBID : 22587
 FRSIRT : ADV-2007-0635
 XF : drupal-getid3-code-execution(32542)
 MISC : http://blamcast.net/articles/highly-critical-secur...
 CONFIRM : http://drupal.org/node/119385
SecurityVulns:Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород