NVD

Id
52871  
Name
CVE-2007-0649  
Description
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
3.2  
CVSS Vector
(AV:N/AC:H/Au:M/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-01-31  
Modified Date
2008-11-15  
Seq
2007-0649  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
267157 52871 CVE-2007-0649 20070129 [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion] (fwd)  View
267158 52871 CVE-2007-0649 20070131 VERIFY of RFI and XSS in OpenEMR 2.8.2 (was [still bogus] V [mike at carstein.kill-9.pl: Re: Open Conference Systems = 2.8.2 Remote File Inclusion])  View
267159 52871 CVE-2007-0649 2202  View
267160 52871 CVE-2007-0649 20070127 Open Conference Systems = 2.8.2 Remote File Inclusion  View
267161 52871 CVE-2007-0649 20070127 Re: Open Conference Systems = 2.8.2 Remote File Inclusion  View
267162 52871 CVE-2007-0649 20070129 Fake: Open Conference Systems = 2.8.2 Remote File Inclusion  View
267163 52871 CVE-2007-0649 20070129 Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion  View
267164 52871 CVE-2007-0649 20070128 Re: Open Conference Systems = 2.8.2 Remote File Inclusion  View
267165 52871 CVE-2007-0649 20070130 Re: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion  View
267166 52871 CVE-2007-0649 22346  View
267167 52871 CVE-2007-0649 22348  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54612 JVNDB-2007-003304 OpenEMR の interface/globals.php における任意のプログラム変数を上書きされる脆弱性 OpenEMR の interface/globals.php は、(1) POST および (2) GET superglobal 配列上の演算抽出に関する処理に不備があるため、任意のプログラム変数を上書きされる、およびその他の不正な操作を実行される脆弱性が存在します。 CVE-2007-0649 24004 CVE-2007-0649 52871 4.3 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003304.html 2007-01-31 2012-09-25 View