Vulnerability Description
Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fernando M.A.D.S. | Codepress | <= 0.9.3 |
References
- http://codepress.sourceforge.net/changelog.phpPatch
- http://osvdb.org/36484
- http://secunia.com/advisories/25124PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=505510
- http://www.securityfocus.com/bid/23788
- http://www.vupen.com/english/advisories/2007/1638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34055
- http://codepress.sourceforge.net/changelog.phpPatch
- http://osvdb.org/36484
- http://secunia.com/advisories/25124PatchVendor Advisory
- http://sourceforge.net/project/shownotes.php?release_id=505510
- http://www.securityfocus.com/bid/23788
- http://www.vupen.com/english/advisories/2007/1638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34055
FAQ
What is CVE-2007-2501?
CVE-2007-2501 is a vulnerability with a CVSS score of 7.5 (HIGH). Eval injection vulnerability in codepress.html in CodePress before 0.9.4 allows remote attackers to execute arbitrary code via certain input that is used in an eval function call.
How severe is CVE-2007-2501?
CVE-2007-2501 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2501?
Check the references section above for vendor advisories and patch information. Affected products include: Fernando M.A.D.S. Codepress.