History: Mar 07, 2007 - 9:19 p.m.

CVE-2007-1329

2007-03-07 21:19:00
NVD-CWE-Other
web.nvd.nist.gov

AI Score: 7.4 High (Confidence: Low)

CVSS2: 10 High (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Access Vector: NETWORK

Access Complexity: LOW

Authentication: NONE

Confidentiality Impact: COMPLETE

Integrity Impact: COMPLETE

Availability Impact: COMPLETE

EPSS: 0.064 Low (Percentile: 93.5%)

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
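
The collapse described above, as an added example that is not SQL-Ledger or LedgerSMB code: blacklist_strip is a hypothetical single-pass filter standing in for the blacklisting functions, and safe_join shows an allow-list plus resolved-path check that rejects input instead of rewriting it. All function names, the base directory and the sample strings are constructed for illustration.

```python
import os
import re

# Hypothetical stand-in for the kind of blacklist filter the advisory describes.
# Assumption: substrings are stripped in one pass, longest entry first.
BLACKLIST = ("users/members", "users")


def blacklist_strip(name: str) -> str:
    """Flawed pattern: delete blacklisted substrings and keep what is left."""
    for bad in BLACKLIST:
        name = name.replace(bad, "")
    return name


def collapses_to_traversal(name: str) -> bool:
    """True when stripping creates a '..' that the raw input did not contain."""
    return ".." not in name and ".." in blacklist_strip(name)


# Allow-list for a single file name: no separators, no leading dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def safe_join(base: str, name: str) -> str:
    """Hardened pattern: validate, never rewrite, then confirm containment."""
    if not SAFE_NAME.fullmatch(name) or ".." in name:
        raise ValueError("rejected file name")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, name))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory")
    return target


if __name__ == "__main__":
    # Constructed sample inputs; none of them contains '..' before filtering.
    for raw in (".users./other.conf", ".users/members./x", "report.txt"):
        print(repr(raw), "->", repr(blacklist_strip(raw)),
              "collapse:", collapses_to_traversal(raw))
        try:
            print("  safe_join:", safe_join("/srv/app/data", raw))
        except ValueError as err:
            print("  safe_join:", err)
```

A regression test for any stripping filter can assert that collapses_to_traversal is false for every input it accepts; the safer design is to drop the stripping step entirely and reject on mismatch, as safe_join does.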
