Vulnerability Name:

CVE-2007-1382 (CCN-33209)

Assigned:2007-03-07
Published:2007-03-07
Updated:2017-10-11
Summary:The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
CVSS v3 Severity:4.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2007-1382

Source: CCN
Type: OSVDB ID: 36089
PHP COM Extensions on Windows WScript.Shell COM Object safe_mode Bypass

Source: CCN
Type: PHP Web site
PHP: Hypertext Preprocessor

Source: XF
Type: UNKNOWN
php-wscriptshell-security-bypass(33209)

Source: EXPLOIT-DB
Type: UNKNOWN
3429

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:all_windows:abstract_cpe:*:*:*:*:*:*:*
  • AND
  • cpe:/a:php:com_extensions:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:php:php:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft all windows abstract_cpe
    php com extensions *
    php php *