Lucene search

K
cve[email protected]CVE-2007-1477
HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1477

2007-03-1621:19:00
web.nvd.nist.gov
18
cve
2007
1477
directory traversal
php point of sale
oscommerce 1.1
remote attackers
arbitrary local files
cve dispute

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation

Affected configurations

NVD
Node
oscommercephp_point_of_saleMatch1.1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

Related for CVE-2007-1477