CVE-2007-0601 in Foruminfo

Summary

common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

01/30/2007

Disclosure

01/30/2007

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-184

CVSS

7.3

EPSS

0.00428

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-0601
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-0601
CVE Details	https://www.cvedetails.com/cve/CVE-2007-0601/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!