Vulnerability Description
Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail, (2) emotpatch, (3) login, (4) pass, and unspecified other parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Guestbara | Guestbara | 1.2 |
References
- http://www.osvdb.org/33783
- http://www.vupen.com/english/advisories/2007/1010
- http://www.osvdb.org/33783
- http://www.vupen.com/english/advisories/2007/1010
FAQ
What is CVE-2007-1554?
CVE-2007-1554 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Direct static code injection vulnerability in admin/configuration.php in Guestbara 1.2 and earlier allows remote authenticated users to inject arbitrary PHP code into config.php via the (1) admin_mail...
How severe is CVE-2007-1554?
CVE-2007-1554 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-1554?
Check the references section above for vendor advisories and patch information. Affected products include: Guestbara Guestbara.