Lucene search

[email protected]CVE-2003-1373

HistoryOct 17, 2007 - 1:00 a.m.

CVE-2003-1373

2007-10-1701:00:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2003-1373

phpbb

directory traversal

vulnerability

remote attack

file inclusion

prefs.php

lang parameter

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via … (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.

Affected configurations

NVD

Node

phpbb_groupphpbbMatch1.4.0

phpbb_groupphpbbMatch1.4.1

phpbb_groupphpbbMatch1.4.2

phpbb_groupphpbbMatch1.4.4

CPENameOperatorVersion
phpbb_group:phpbbphpbb group phpbbeq1.4.0
phpbb_group:phpbbphpbb group phpbbeq1.4.1
phpbb_group:phpbbphpbb group phpbbeq1.4.2
phpbb_group:phpbbphpbb group phpbbeq1.4.4

CPE	Name	Operator	Version
phpbb_group:phpbb	phpbb group phpbb	eq	1.4.0
phpbb_group:phpbb	phpbb group phpbb	eq	1.4.1
phpbb_group:phpbb	phpbb group phpbb	eq	1.4.2
phpbb_group:phpbb	phpbb group phpbb	eq	1.4.4

References

archives.neohapsis.com/archives/bugtraq/2003-02/0245.html

www.securityfocus.com/bid/6889

exchange.xforce.ibmcloud.com/vulnerabilities/11407

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.4%

JSON

Related for CVE-2003-1373

nvd1 cvelist1