Lucene search

K
cve[email protected]CVE-2007-4723
HistorySep 05, 2007 - 7:17 p.m.

CVE-2007-4723

2007-09-0519:17:00
CWE-22
web.nvd.nist.gov
92
cve-2007-4723
directory traversal
ragnarok online control panel
authentication bypass
apache http server

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a “/…/” sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

Affected configurations

NVD
Node
ragnarok_online_control_panel_projectragnarok_online_control_panelMatch4.3.4a
AND
apachehttp_server

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

Related for CVE-2007-4723