Vulnerability Description
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pmos Helpdesk | Pmos Helpdesk | <= 2.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/42662
- http://secunia.com/advisories/28201
- http://www.securityfocus.com/bid/27032
- http://www.vupen.com/english/advisories/2007/4321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39274
- https://www.exploit-db.com/exploits/4789
- http://osvdb.org/42662
- http://secunia.com/advisories/28201
- http://www.securityfocus.com/bid/27032
- http://www.vupen.com/english/advisories/2007/4321
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39274
- https://www.exploit-db.com/exploits/4789
FAQ
What is CVE-2007-6550?
CVE-2007-6550 is a vulnerability with a CVSS score of 7.5 (HIGH). form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the...
How severe is CVE-2007-6550?
CVE-2007-6550 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-6550?
Check the references section above for vendor advisories and patch information. Affected products include: Pmos Helpdesk Pmos Helpdesk.