Lucene search

[email protected]CVE-2007-3138

HistoryJun 08, 2007 - 4:30 p.m.

CVE-2007-3138

2007-06-0816:30:00

[email protected]

web.nvd.nist.gov

vulnerability

open solution quick.cart

remote attackers

directory traversal

slanguage cookie

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.

Affected configurations

NVD

Node

open_solutionquick.cartRange≤2.2

CPENameOperatorVersion
open_solution:quick.cartopen solution quick.cartle2.2

CPE	Name	Operator	Version
open_solution:quick.cart	open solution quick.cart	le	2.2

References

osvdb.org/36960

secunia.com/advisories/25513

www.securityfocus.com/bid/24299

www.vupen.com/english/advisories/2007/2038

exchange.xforce.ibmcloud.com/vulnerabilities/34687

www.exploit-db.com/exploits/4025

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

80.5%

JSON

Related for CVE-2007-3138

prion1 cvelist1 nvd1