PT-2007-2463 · Getid3+1 · Getid3+1

Publicado

2007-02-21

Atualizado

2017-07-29

CVE-2007-1035

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: getID3 version 1.7.1

Description: The issue allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files. This is due to an unspecified vulnerability in certain demonstration scripts in getID3, as used in the Mediafield and Audio modules for Drupal.

Recommendations: For getID3 version 1.7.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2007-1035

Produtos afetados

Drupal

Getid3

PT-2007-2463 · Getid3+1 · Getid3+1

CVE-2007-1035

Identificadores relacionados

Produtos afetados

Referências · 7