Lucene search
HistoryJun 08, 2007 - 4:30 p.m.
CVE-2007-3138
vulnerability
open solution quick.cart
remote attackers
directory traversal
slanguage cookie
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.5%
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
Affected configurations
Node
open_solutionquick.cartRange≤2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| open_solution:quick.cart | open solution quick.cart | le | 2.2 |
Related
cvelist
cvelist
CVE-2007-3138
2007-06-08 16:00:00
prion
prion
Directory traversal
2007-06-08 16:30:00
nvd
nvd
CVE-2007-3138
2007-06-08 16:30:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.5%
Related for CVE-2007-3138