CVE-2007-1035

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
http://drupal.org/node/119385	Patch Vendor Advisory
http://www.securityfocus.com/bid/22587	Patch
http://osvdb.org/35161
http://www.vupen.com/english/advisories/2007/0635
https://exchange.xforce.ibmcloud.com/vulnerabilities/32542

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:drupal:audio_module::::::::
	cpe:2.3:a:drupal:getid3:1.7.1:::::::*
	cpe:2.3:a:drupal:mediafield_module::::::::

Information

Published : 2007-02-21 03:28

Updated : 2017-07-28 18:30

NVD link : CVE-2007-1035

Mitre link : CVE-2007-1035

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

drupal

mediafield_module
getid3
audio_module

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module", "name": "http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module", "tags": [], "refsource": "MISC"}, {"url": "http://drupal.org/node/119385", "name": "http://drupal.org/node/119385", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/22587", "name": "22587", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://osvdb.org/35161", "name": "35161", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0635", "name": "ADV-2007-0635", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32542", "name": "drupal-getid3-code-execution(32542)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-1035", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-02-21T11:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:drupal:audio_module:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:drupal:getid3:1.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:drupal:mediafield_module:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:30Z"}