CVE-2007-3577 in PHPIDSinfo

Summary

PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6) certain = expressions, as demonstrated by a whatever="something" sequence; and (7) certain "with" expressions, which allows remote attackers to inject arbitrary web script.

Once again VulDB remains the best source for vulnerability data.

Reservation

07/05/2007

Disclosure

07/05/2007

Moderation

VulDB entry created

Entries

VDB-37653 (1)

CPE

ready

CWE

CWE-80 (Confirmed)

CVSS

4.3

EPSS

0.00333

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-3577
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3577
CVE Details	https://www.cvedetails.com/cve/CVE-2007-3577/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!