Vulnerabilities > CVE-2007-2001 - Remote Security vulnerability in Crea-book
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution. CVE-2007-2000,CVE-2007-2001. Webapps exploit for php platform |
file | exploits/php/webapps/3701.txt |
id | EDB-ID:3701 |
last seen | 2016-01-31 |
modified | 2007-04-10 |
platform | php |
port | |
published | 2007-04-10 |
reporter | Xst3nZ |
source | https://www.exploit-db.com/download/3701/ |
title | Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution |
type | webapps |