Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb Lite 1.42 and earlier, as used in products including CMS Made Simple, SAPID CMF, Journalness, PacerCMS, and Open-Realty, allows remote attackers to execute arbitrary code via PHP sequences in the last_module parameter.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Adodb Lite
  • Adodb Lite
Cmsmadesimple
  • Cms Made Simple
Journalness
  • Journalness
Open-realty
  • Open-realty
Pacercms
  • Pacercms
Sapid
  • Sapid Cmf

Configuration 1 [-]

OR cpe:2.3:a:adodb_lite:adodb_lite:*:*:*:*:*:*:*:*
cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*
cpe:2.3:a:journalness:journalness:*:*:*:*:*:*:*:*
cpe:2.3:a:open-realty:open-realty:*:*:*:*:*:*:*:*
cpe:2.3:a:pacercms:pacercms:*:*:*:*:*:*:*:*
cpe:2.3:a:sapid:sapid_cmf:*:*:*:*:*:*:*:*

No data.

References
Link Providers
http://osvdb.org/40596 cve-icon cve-icon
http://osvdb.org/41422 cve-icon cve-icon
http://osvdb.org/41426 cve-icon cve-icon
http://osvdb.org/41427 cve-icon cve-icon
http://osvdb.org/41428 cve-icon cve-icon
http://secunia.com/advisories/26928 cve-icon cve-icon
http://secunia.com/advisories/28859 cve-icon cve-icon
http://secunia.com/advisories/28873 cve-icon cve-icon
http://secunia.com/advisories/28874 cve-icon cve-icon
http://secunia.com/advisories/28886 cve-icon cve-icon
http://www.attrition.org/pipermail/vim/2007-September/001800.html cve-icon cve-icon
http://www.securityfocus.com/bid/25768 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3261 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/36733 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/40389 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/40393 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/40395 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/40396 cve-icon cve-icon
https://www.exploit-db.com/exploits/4442 cve-icon cve-icon
https://www.exploit-db.com/exploits/5090 cve-icon cve-icon
https://www.exploit-db.com/exploits/5091 cve-icon cve-icon
https://www.exploit-db.com/exploits/5097 cve-icon cve-icon
https://www.exploit-db.com/exploits/5098 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-24T22:00:00

Updated: 2024-08-07T15:17:28.218Z

Reserved: 2007-09-24T00:00:00

Link: CVE-2007-5056

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-09-24T22:17:00.000

Modified: 2017-09-29T01:29:28.610

Link: CVE-2007-5056

cve-icon Redhat

No data.