Lucene search

[email protected]CVE-2007-0607

HistoryMar 20, 2007 - 8:19 p.m.

CVE-2007-0607

2007-03-2020:19:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

w-agora

web-agora

cve-2007-0607

security vulnerability

access control

nvd

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.

CPENameOperatorVersion
w-agora:w-agoraw-agoraeq4.2.1

CPE	Name	Operator	Version
w-agora:w-agora	w-agora	eq	4.2.1

References

lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html

securityreason.com/securityalert/2465

www.netvigilance.com/advisory0015

www.osvdb.org/31670

www.securityfocus.com/archive/1/463215/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33073

6.6 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.014 Low

EPSS

Percentile

86.5%

JSON

Related for CVE-2007-0607

prion1 packetstorm1 securityvulns2