CVE-2007-1035 - Vulnerability Details - OpenCVE

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01113.

Key SSVC decision points have not yet been added.

Vendors	Products
Drupal	Audio Module Getid3 Mediafield Module

Configuration 1 [-]

OR	cpe:2.3:a:drupal:audio_module::::::::
	cpe:2.3:a:drupal:getid3:1.7.1:::::::*
	cpe:2.3:a:drupal:mediafield_module::::::::

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
http://drupal.org/node/119385
http://osvdb.org/35161
http://www.securityfocus.com/bid/22587
http://www.vupen.com/english/advisories/2007/0635
https://exchange.xforce.ibmcloud.com/vulnerabilities/32542

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-21T11:00:00

Updated: 2024-08-07T12:43:22.597Z

Reserved: 2007-02-20T00:00:00

Link: CVE-2007-1035

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-21T11:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1035

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-16T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "drupal-getid3-code-execution(32542)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542"}, {"name": "ADV-2007-0635", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0635"}, {"name": "22587", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22587"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://drupal.org/node/119385"}, {"tags": ["x_refsource_MISC"], "url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module"}, {"name": "35161", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35161"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1035", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "drupal-getid3-code-execution(32542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542"}, {"name": "ADV-2007-0635", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0635"}, {"name": "22587", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22587"}, {"name": "http://drupal.org/node/119385", "refsource": "CONFIRM", "url": "http://drupal.org/node/119385"}, {"name": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module", "refsource": "MISC", "url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module"}, {"name": "35161", "refsource": "OSVDB", "url": "http://osvdb.org/35161"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:22.597Z"}, "title": "CVE Program Container", "references": [{"name": "drupal-getid3-code-execution(32542)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542"}, {"name": "ADV-2007-0635", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0635"}, {"name": "22587", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22587"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://drupal.org/node/119385"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module"}, {"name": "35161", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35161"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1035", "datePublished": "2007-02-21T11:00:00", "dateReserved": "2007-02-20T00:00:00", "dateUpdated": "2024-08-07T12:43:22.597Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:drupal:audio_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "5816F7EC-3A40-4EAE-8BA6-08483ED078D9", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:getid3:1.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "099698D4-A001-4D2C-92E5-E0F00EC71FF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:drupal:mediafield_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B127C2E-8139-4515-9BC1-FC674A9119AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en ciertas secuencias de comandos de demostraci\u00f3n en el getID3 1.7.1, como la utilizada en los m\u00f3dulos Mediafield y Audio para el Drupal, permite a atacantes remotos leer y borrar ficheros de su elecci\u00f3n, listar directorios de su elecci\u00f3n y escribir en ficheros vac\u00edos o .mp3 mediante vectores desconocidos."}], "evaluatorImpact": "This vulnerability affects the following versions of Drupal Mediafield Module:\r\nDrupal, Mediafield Module, 4.7.x-1.x-dev\r\nDrupal, Mediafield Module, 5.x-1.x-dev\r\n\r\nThis vulnerability affects the following versions of Drupal Audio Module:\r\nDrupal, Audio Module, 4.7.x-1.x-dev\r\nDrupal, Audio Module, 5.x-0.2\r\nDrupal, Audio Module, 5.x-0.x-dev\r\n", "id": "CVE-2007-1035", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-21T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/119385"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35161"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22587"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0635"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://drupal.org/node/119385"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35161"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/22587"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}