CVE-2007-2001 - Vulnerability Details - OpenCVE

Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified fields, which injects into config.inc.php3.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.02307.

Key SSVC decision points have not yet been added.

Vendors	Products
Crea-book	Crea-book

Configuration 1 [-]

cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/24862
http://www.osvdb.org/34817
https://www.exploit-db.com/exploits/3701

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-12T19:00:00

Updated: 2024-08-07T13:13:42.065Z

Reserved: 2007-04-12T00:00:00

Link: CVE-2007-2001

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-12T19:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2001

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-10T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the \"Fond de la page\" (background color) field and other unspecified fields, which injects into config.inc.php3."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3701", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3701"}, {"name": "24862", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24862"}, {"name": "34817", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/34817"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2001", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the \"Fond de la page\" (background color) field and other unspecified fields, which injects into config.inc.php3."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3701", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3701"}, {"name": "24862", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24862"}, {"name": "34817", "refsource": "OSVDB", "url": "http://www.osvdb.org/34817"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:13:42.065Z"}, "title": "CVE Program Container", "references": [{"name": "3701", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3701"}, {"name": "24862", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24862"}, {"name": "34817", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/34817"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2001", "datePublished": "2007-04-12T19:00:00", "dateReserved": "2007-04-12T00:00:00", "dateUpdated": "2024-08-07T13:13:42.065Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:crea-book:crea-book:*:*:*:*:*:*:*:*", "matchCriteriaId": "6413CE2A-D900-4E4B-BCD1-0E07F1EC3F9D", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the \"Fond de la page\" (background color) field and other unspecified fields, which injects into config.inc.php3."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n directa de c\u00f3digo est\u00e1tico en admin/configurer2.php de Crea-Book 1.0 y versiones anteriores permite a administradores remotos autenticados ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante el campo \"Fond de la page\" (color de fondo) y otros campos no especificados, que inyectan en config.inc.php3."}], "id": "CVE-2007-2001", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-12T19:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24862"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/34817"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3701"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/34817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3701"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}