Vulnerability Details CVE-2007-1035
Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
- http://drupal.org/node/119385
- http://osvdb.org/35161
- http://www.securityfocus.com/bid/22587
- http://www.vupen.com/english/advisories/2007/0635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32542
- http://blamcast.net/articles/highly-critical-security-flaws-in-drupal-audio-module
- http://drupal.org/node/119385
- http://osvdb.org/35161
- http://www.securityfocus.com/bid/22587
- http://www.vupen.com/english/advisories/2007/0635
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32542
Products affected by CVE-2007-1035
-
cpe:2.3:a:drupal:audio_module:*
-
cpe:2.3:a:drupal:getid3:1.7.1
-
cpe:2.3:a:drupal:mediafield_module:*