CVE-2007-3621

critical

Description

Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.

References

https://www.exploit-db.com/exploits/4151

https://exchange.xforce.ibmcloud.com/vulnerabilities/35270

http://www.vupen.com/english/advisories/2007/2446

http://www.securityfocus.com/archive/1/472907/100/0/threaded

http://www.hoku.co.uk/advisories/asteridex.txt

http://securityreason.com/securityalert/2863

http://secunia.com/advisories/25965

http://osvdb.org/37846

http://bestof.nerdvittles.com/applications/asteridex/

Details

Source: Mitre, NVD

Published: 2007-07-09

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.14014

Detections

Analytics