Lucene search

K
cve[email protected]CVE-2007-3138
HistoryJun 08, 2007 - 4:30 p.m.

CVE-2007-3138

2007-06-0816:30:00
web.nvd.nist.gov
22
vulnerability
open solution quick.cart
remote attackers
directory traversal
slanguage cookie

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.

Affected configurations

NVD
Node
open_solutionquick.cartRange2.2

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

Related for CVE-2007-3138