Vulnerabilities > CVE-2007-2001 - Unspecified vulnerability in Crea-Book

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

crea-book

exploit available

NVD

Published: 2007-04-12

Updated: 2024-11-21

Summary

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

Vulnerable Configurations

Part	Description	Count
Application	Crea-Book Crea Book Crea Book *	1

Exploit-Db

description	Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution. CVE-2007-2000,CVE-2007-2001. Webapps exploit for php platform
file	exploits/php/webapps/3701.txt
id	EDB-ID:3701
last seen	2016-01-31
modified	2007-04-10
platform	php
port
published	2007-04-10
reporter	Xst3nZ
source	https://www.exploit-db.com/download/3701/
title	Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References