ByteOS Network

NVD Vulnerability Details :

CVE-2007-1035

Modified

Source-cve@mitre.org

Published At-21 Feb, 2007 | 11:28

Updated At-29 Jul, 2017 | 01:30

Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

The Drupal Association

>>audio_module>>*

cpe:2.3:a:drupal:audio_module:*:*:*:*:*:*:*:*

The Drupal Association

>>getid3>>1.7.1

cpe:2.3:a:drupal:getid3:1.7.1:*:*:*:*:*:*:*

The Drupal Association

>>mediafield_module>>*

cpe:2.3:a:drupal:mediafield_module:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

Evaluator Impact

This vulnerability affects the following versions of Drupal Mediafield Module: Drupal, Mediafield Module, 4.7.x-1.x-dev Drupal, Mediafield Module, 5.x-1.x-dev This vulnerability affects the following versions of Drupal Audio Module: Drupal, Audio Module, 4.7.x-1.x-dev Drupal, Audio Module, 5.x-0.2 Drupal, Audio Module, 5.x-0.x-dev

References

Hyperlink	Source	Resource
http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module	cve@mitre.org	N/A
http://drupal.org/node/119385	cve@mitre.org	Patch Vendor Advisory
http://osvdb.org/35161	cve@mitre.org	N/A
http://www.securityfocus.com/bid/22587	cve@mitre.org	Patch
http://www.vupen.com/english/advisories/2007/0635	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/32542	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History