CVE-2007-2167 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Aimstats	Aimstats	3.2

References

http://secunia.com/advisories/24955
http://www.securityfocus.com/bid/23573
http://www.vupen.com/english/advisories/2007/1447
http://www.x-pose.org/aimstats.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/33742
https://www.exploit-db.com/exploits/3762
http://secunia.com/advisories/24955
http://www.securityfocus.com/bid/23573
http://www.vupen.com/english/advisories/2007/1447
http://www.x-pose.org/aimstats.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/33742
https://www.exploit-db.com/exploits/3762

FAQ

What is CVE-2007-2167?

CVE-2007-2167 is a vulnerability with a CVSS score of 7.5 (HIGH). Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action.

How severe is CVE-2007-2167?

CVE-2007-2167 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2007-2167?

Check the references section above for vendor advisories and patch information. Affected products include: Aimstats Aimstats.