Lucene search

[email protected]CVE-2007-3326

HistoryJun 21, 2007 - 6:30 p.m.

CVE-2007-3326

2007-06-2118:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-3326

vbulletin

directory traversal

remote attackers

cross-site scripting

xss

nvd

6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

65.1%

JSON

Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a … (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.

CPENameOperatorVersion
jelsoft:vbulletinjelsoft vbulletineq3.0.0

CPE	Name	Operator	Version
jelsoft:vbulletin	jelsoft vbulletin	eq	3.0.0

References

securityreason.com/securityalert/2820

www.securityfocus.com/archive/1/471835/100/0/threaded

www.securityfocus.com/archive/1/471838/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/34956

6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

0.003 Low

EPSS

Percentile

65.1%

JSON

Related for CVE-2007-3326

prion1 cvelist2 cve1 nessus1