Vulnerability Description
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpids | Phpids | All versions |
References
- http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0
- http://osvdb.org/45757
- http://osvdb.org/45758
- http://sla.ckers.org/forum/read.php?2%2C13209%2C13218
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35519
FAQ
What is CVE-2007-3578?
CVE-2007-3578 is a vulnerability with a CVSS score of 4.3 (MEDIUM). PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script.
How severe is CVE-2007-3578?
CVE-2007-3578 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-3578?
Check the references section above for vendor advisories and patch information. Affected products include: Phpids Phpids.