Vulnerability details: VCID-efv9-xs74-aaae
Vulnerability ID VCID-efv9-xs74-aaae
Aliases CVE-2007-2348
Summary mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands such as "get" which could overwrite executable files.
Status Published
Exploitability 0.5
Weighted Severity 6.1
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Low https://access.redhat.com/errata/RHSA-2009:1278
epss 0.02137 https://api.first.org/data/v1/epss?cve=CVE-2007-2348
epss 0.0243 https://api.first.org/data/v1/epss?cve=CVE-2007-2348
epss 0.02809 https://api.first.org/data/v1/epss?cve=CVE-2007-2348
epss 0.03930 https://api.first.org/data/v1/epss?cve=CVE-2007-2348
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=236238
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-2348
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-2348
Exploit Prediction Scoring System (EPSS)
Percentile 0.82655
EPSS Score 0.02137
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.