Lucene search

[email protected]CVE-2007-4805

HistorySep 11, 2007 - 6:17 p.m.

CVE-2007-4805

2007-09-1118:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-4805

directory traversal

getgalldata.php

fuzzylime

cms

remote attack

arbitrary files

security vulnerability

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a … (dot dot) in the p parameter.

CPENameOperatorVersion
fuzzylime:fuzzylimefuzzylimeeq3.0

CPE	Name	Operator	Version
fuzzylime:fuzzylime	fuzzylime	eq	3.0

References

osvdb.org/36996

secunia.com/advisories/26740

www.attrition.org/pipermail/vim/2007-September/001780.html

www.securityfocus.com/bid/25604

www.vupen.com/english/advisories/2007/3135

exchange.xforce.ibmcloud.com/vulnerabilities/36520

www.exploit-db.com/exploits/4378

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.0%

JSON

Related for CVE-2007-4805

prion3 cve2