Lucene search

[email protected]CVE-2007-1127

HistoryFeb 27, 2007 - 2:28 a.m.

CVE-2007-1127

2007-02-2702:28:00

[email protected]

web.nvd.nist.gov

cve

2007

1127

directory traversal

vulnerability

shopkitplus

remote attackers

arbitrary files

changetheme parameter

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a … (dot dot) in the changetheme parameter.

Affected configurations

NVD

Node

watersweb_shopsshop_kit_plusMatchinitial

CPENameOperatorVersion
watersweb_shops:shop_kit_pluswatersweb shops shop kit pluseqinitial

CPE	Name	Operator	Version
watersweb_shops:shop_kit_plus	watersweb shops shop kit plus	eq	initial

References

osvdb.org/33755

secunia.com/advisories/24279

securityreason.com/securityalert/2295

www.securityfocus.com/archive/1/461071/100/0/threaded

www.securityfocus.com/bid/22697

www.vupen.com/english/advisories/2007/0747

exchange.xforce.ibmcloud.com/vulnerabilities/32660

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.04 Low

EPSS

Percentile

92.1%

JSON

Related for CVE-2007-1127

prion1 cvelist1 nvd1 securityvulns1