Lucene search

[email protected]CVE-2007-5491

HistoryOct 17, 2007 - 7:17 p.m.

CVE-2007-5491

2007-10-1719:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

5491

directory traversal

sitebar

translator.php

remote user

chmod

lang parameter

6.1 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.3%

JSON

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via “…” sequences in the lang parameter.

CPENameOperatorVersion
sitebar:sitebarsitebareq3.3.8

CPE	Name	Operator	Version
sitebar:sitebar	sitebar	eq	3.3.8

References

secunia.com/advisories/27503

secunia.com/advisories/28008

teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup

www.debian.org/security/2007/dsa-1423

www.gentoo.org/security/en/glsa/glsa-200711-05.xml

www.securityfocus.com/bid/26126

www.vupen.com/english/advisories/2007/3768

bugs.gentoo.org/show_bug.cgi?id=195810

6.1 Medium

AI Score

Confidence

Low

9 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2007-5491

prion2 ubuntucve2 cve1 securityvulns3 packetstorm1 osv1 openvas4 nessus2 gentoo1 debian1