This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Idmos | First view | 2007-10-09 |
| Product | Idmos | Last view | 2007-10-09 |
| Version | 1.0-beta | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:idmos:idmos | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2007-10-09 | CVE-2007-5294 | PHP remote file inclusion vulnerability in core/aural.php in IDMOS 1.0-beta (aka Phoenix) allows remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter. |
| 2.6 | 2007-10-09 | CVE-2007-5293 | Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/ia.php. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 50% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 38633 | IDMOS core/aural.php site_absolute_path Parameter Remote File Inclusion |
| 38632 | IDMOS templates/simple/ia.php content Parameter XSS |
| 38631 | IDMOS error.php err_msg Parameter XSS |
