Lucene search

[email protected]CVE-2007-1477

HistoryMar 16, 2007 - 9:19 p.m.

CVE-2007-1477

2007-03-1621:19:00

[email protected]

web.nvd.nist.gov

cve

2007

1477

directory traversal

php point of sale

oscommerce 1.1

remote attackers

arbitrary local files

cve dispute

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Directory traversal vulnerability in index.php in PHP Point Of Sale for osCommerce 1.1 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the cfg_language parameter. NOTE: this issue has been disputed by CVE, since the cfg_language variable is configured upon proper product installation

Affected configurations

NVD

Node

oscommercephp_point_of_saleMatch1.1

CPENameOperatorVersion
oscommerce:php_point_of_saleoscommerce php point of saleeq1.1

CPE	Name	Operator	Version
oscommerce:php_point_of_sale	oscommerce php point of sale	eq	1.1

References

attrition.org/pipermail/vim/2007-April/001564.html

securityreason.com/securityalert/2426

www.securityfocus.com/archive/1/462970/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/33006

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2007-1477

cvelist1 prion1 nvd1 securityvulns1