Lucene search

[email protected]CVE-2007-0098

HistoryJan 05, 2007 - 6:28 p.m.

CVE-2007-0098

2007-01-0518:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-0098

directory traversal

verliadmin

security vulnerability

remote attack

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

CPENameOperatorVersion
verliadmin:verliadminverliadminle0.3

CPE	Name	Operator	Version
verliadmin:verliadmin	verliadmin	le	0.3

References

osvdb.org/32352

www.vupen.com/english/advisories/2007/0035

exchange.xforce.ibmcloud.com/vulnerabilities/31241

www.exploit-db.com/exploits/3075

7.3 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2007-0098

prion1 securityvulns1