Vulnerabilities > CVE-2007-2001 - Remote Security vulnerability in Crea-book

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
crea-book
exploit available
NVD
Published: 2007-04-12
Updated: 2017-10-11

Summary

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

Vulnerable Configurations

Part Description Count
Application
Crea-Book
1

Exploit-Db

descriptionCrea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution. CVE-2007-2000,CVE-2007-2001. Webapps exploit for php platform
fileexploits/php/webapps/3701.txt
idEDB-ID:3701
last seen2016-01-31
modified2007-04-10
platformphp
port
published2007-04-10
reporterXst3nZ
sourcehttps://www.exploit-db.com/download/3701/
titleCrea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution
typewebapps

References