Lucene search

[email protected]CVE-2007-2503

HistoryMay 04, 2007 - 1:19 a.m.

CVE-2007-2503

2007-05-0401:19:00

[email protected]

web.nvd.nist.gov

cve-2007-2503

directory traversal vulnerability

php turbulence 0.0.1 alpha

remote attackers

arbitrary local files

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

JSON

Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion

Affected configurations

NVD

Node

php_turbulencephp_turbulenceMatch0.0.1_alpha

CPENameOperatorVersion
php_turbulence:php_turbulencephp turbulenceeq0.0.1_alpha

CPE	Name	Operator	Version
php_turbulence:php_turbulence	php turbulence	eq	0.0.1_alpha

References

securityreason.com/securityalert/2673

www.attrition.org/pipermail/vim/2007-April/001541.html

www.securityfocus.com/archive/1/466564/100/100/threaded

www.securityfocus.com/bid/23580

exchange.xforce.ibmcloud.com/vulnerabilities/33824

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.2 High

AI Score

Confidence

High

0.033 Low

EPSS

Percentile

91.3%

JSON

Related for CVE-2007-2503

nvd1 prion1 cvelist1