CVE-2007-0649
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2007-0649
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as conduct (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenEMR 'Import_XML.PHP'远程文件包含漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenEMR 2.8.2版本及其早期版本的interface/globals.php中存在自变量重写漏洞。远程攻击者重写任意程序自变量并执行其他为验证活动,例如(a)可以借助custom/import_xml.php中的srcdir参数执行远程文件包含攻击或(b)可以借助interface/login/login_frame.php的rootdir或可以借助(1)POST和(2)GET超全球数组上的求根操作有关的向量,参数执行跨站脚本攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2007-0649
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2007-0649
Please Login to view more intelligence information
Same Patch Batch · n/a · 2007-02-01 · 15 CVEs total
| CVE-2007-0656 | phpBB2-MODificat 'includes/functions.php'PHP远程文件包含漏洞 | |
| CVE-2007-0657 | Nexuiz GameDir 任意文件泄露/重写漏洞 | |
| CVE-2007-0658 | Drupal CAPTCHA 和 TEXTIMAGE模块 CAPTCHA测试绕过错误 | |
| CVE-2007-0659 | Modx FileDownload Snippet 'download.php'任意文件下载漏洞 | |
| CVE-2007-0660 | DotNetNuke IFrame模块跨站脚本攻击漏洞 | |
| CVE-2007-0661 | Intel Southbridge 2基板管理控制器拒绝服务漏洞 | |
| CVE-2007-0662 | HailBoards 'includes/usercp_viewprofile.php' PHP远程文件包含漏洞 | |
| CVE-2007-0663 | Eclectic Designs CascadianFAQ 'index.php'SQL注入漏洞 | |
| CVE-2007-0650 | Tetex mkind.c命令行参数缓冲区溢出漏洞 | |
| CVE-2007-0648 | Cisco IOS SIP报文处理远程拒绝服务漏洞 | |
| CVE-2007-0644 | Apple Safari格式字符串漏洞 | |
| CVE-2007-0645 | iPhoto 格式字符串Apple AppKit函数拒绝服务攻击漏洞 | |
| CVE-2007-0646 | Apple Mac OS X帮助查看器远程格式串处理漏洞 | |
| CVE-2007-0647 | MyBB 格式字符串漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8226
Open5GS types.c ogs_pcc_rule_install_flow_from_media denial - CVE-2026-8225
Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_han - CVE-2026-8224
Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of serv - CVE-2026-8223
Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send - CVE-2026-8222
Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_managem
V. Comments for CVE-2007-0649
No comments yet