CVE-2007-1155 - Vulnerability Details - OpenCVE

Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Webspell	Webspell

Configuration 1 [-]

cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2337
http://www.securityfocus.com/archive/1/460937/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32670

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-27T18:00:00

Updated: 2024-08-07T12:43:22.515Z

Reserved: 2007-02-27T00:00:00

Link: CVE-2007-1155

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-02T21:18:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1155

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "webspell-addsquad-file-upload(32670)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32670"}, {"name": "2337", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2337"}, {"name": "20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1155", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "webspell-addsquad-file-upload(32670)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32670"}, {"name": "2337", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2337"}, {"name": "20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:22.515Z"}, "title": "CVE Program Container", "references": [{"name": "webspell-addsquad-file-upload(32670)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32670"}, {"name": "2337", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2337"}, {"name": "20070222 WebSpell > 4.0 Authentication Bypass and arbitrary code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1155", "datePublished": "2007-02-27T18:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T12:43:22.515Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webspell:webspell:*:*:*:*:*:*:*:*", "matchCriteriaId": "D97FA107-4B96-4E8A-A0FF-2472BE9048CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED."}, {"lang": "es", "value": "Vulnerabilidad de promoci\u00f3n de ficheros no restringida en webSPELL permite a administradores remotos autenticados promocionar y ejecutar c\u00f3digo PHP de su elecci\u00f3n mediante la funcionalidad \"add squad\".\r\nNOTA: esta vulnerabilidad podr\u00eda ser una caracter\u00edstica administrativa, en cuyo caso esta CVE podr\u00eda ser rechazada."}], "evaluatorImpact": "Affected product versions unspecified.", "id": "CVE-2007-1155", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2337"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/460937/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32670"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}