ID CVE-2007-3266
Type cve
Reporter cve@mitre.org
Modified 2018-10-16T16:48:00
Description
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the outconfig parameter.
{"id": "CVE-2007-3266", "bulletinFamily": "NVD", "title": "CVE-2007-3266", "description": "Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.", "published": "2007-06-19T18:30:00", "modified": "2018-10-16T16:48:00", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:N/C:C/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-3266", "reporter": "cve@mitre.org", "references": ["http://securityreason.com/securityalert/2816", "http://www.mawk.org/mods.php?mods=Core&page=view&id=102", "http://secunia.com/advisories/25693", "http://osvdb.org/37508", "http://www.securityfocus.com/bid/24516", "http://www.securityfocus.com/archive/1/471647/100/0/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/34921"], "cvelist": ["CVE-2007-3266"], "type": "cve", "lastseen": "2019-05-29T18:09:00", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d95f44df5d7202f9ab62c27b131b2574"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "f77c08e751e26d4ba0e7ff2beda38fd1"}, {"key": "cpe23", "hash": "c1e667f4314671400de9ce495b83afa8"}, {"key": "cvelist", "hash": "1edd78ec4b05d4e9dd94f1e8c49b0c07"}, {"key": "cvss", "hash": "9a7f6c2d8036e46e1aa6879c17dcc4f5"}, {"key": "cvss2", "hash": "126de852a1aadb23621e91a438094b2d"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "df6805c0cf192165b6027c3d4cab9ec6"}, {"key": "href", "hash": "b633a5e9b8ffaee4fd3a5e35db35f7b2"}, {"key": "modified", "hash": "a79b2e04ee10b7ac88592b4818b42f7e"}, {"key": "published", "hash": "835365afb97c56e20672bfc07520cf19"}, {"key": "references", "hash": "d965134415a5910c3833117dc678a8eb"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": 
"0d0cc2f8c4589e47f949b6f2ed15cdc1"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f33daeb3db82e67a4b0f83232d3cb38400cc0e813154d227d0864bf82d47917f", "viewCount": 0, "enchantments": {"score": {"value": 8.1, "vector": "NONE", "modified": "2019-05-29T18:09:00"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:37508"]}, {"type": "exploitdb", "idList": ["EDB-ID:30199"]}], "modified": "2019-05-29T18:09:00"}, "vulnersScore": 8.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:ifnet:webif.cgi:*"], "affectedSoftware": [{"name": "ifnet webif.cgi", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:C/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:ifnet:webif.cgi:*:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"exploitdb": [{"lastseen": "2016-02-03T11:56:54", "bulletinFamily": "exploit", "description": "WebIf OutConfig Parameter Local File Include Vulnerability. CVE-2007-3266. Webapps exploit for cgi platform", "modified": "2007-06-18T00:00:00", "published": "2007-06-18T00:00:00", "id": "EDB-ID:30199", "href": "https://www.exploit-db.com/exploits/30199/", "type": "exploitdb", "title": "WebIf OutConfig Parameter Local File Include Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/24516/info\r\n\r\nWebIf is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nExploiting this issue may allow an unauthorized user to view files and execute local scripts. \r\n\r\nhttp://www.example.com/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&outconfig=../../../../etc/issue ", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/30199/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:33", "bulletinFamily": "software", "description": "## Manual Testing Notes\nhttp://[target]/webif/webif.cgi?cmd=query&config=conf_2000/config.txt&outconfig=../../../../etc/issue\n## References:\n[Secunia Advisory ID:25693](https://secuniaresearch.flexerasoftware.com/advisories/25693/)\nOther Advisory URL: http://www.mawk.org/mods.php?mods=Core&page=view&id=102\nOther Advisory URL: http://securityreason.com/securityalert/2816\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-06/0225.html\nISS X-Force ID: 34921\n[CVE-2007-3266](https://vulners.com/cve/CVE-2007-3266)\nBugtraq ID: 24516\n", "modified": "2007-06-18T18:01:00", "published": "2007-06-18T18:01:00", "href": "https://vulners.com/osvdb/OSVDB:37508", "id": "OSVDB:37508", "title": "WebIf webif.cgi outconfig Traversal Local File Inclusion", "type": "osvdb", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:PARTIAL/A:PARTIAL/"}}]}