1. Home
  2. CVE Database
  3. CVE-2007-1382
MEDIUM · 6.8

CVE-2007-1382

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to ...

Vulnerability Description

The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.

CVSS Score

6.8

MEDIUM

AV:L/AC:L/Au:S/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
MicrosoftAll Windowsabstract_cpe
PhpCom ExtensionsAll versions

References

FAQ

What is CVE-2007-1382?

CVE-2007-1382 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to ...

How severe is CVE-2007-1382?

CVE-2007-1382 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-1382?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft All Windows, Php Com Extensions.