Lucene search
MitreCVE-2007-5674HistoryOct 24, 2007 - 11:46 p.m.
CVE-2007-5674
2007-10-2423:46:00
CWE-22
mitre
web.nvd.nist.gov
34
cve
2007
5674
directory traversal
instaguide weather
php
vulnerability
remote attackers
arbitrary local files
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
High
EPSS
0.01
Percentile
84.0%
Directory traversal vulnerability in index.php in InstaGuide Weather (aka Weather for PHP) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the PageName parameter.
Affected configurations
Node
instaguideweatherMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| instaguide | weather | 1.0 | cpe:2.3:a:instaguide:weather:1.0:*:*:*:*:*:*:* |
Related
exploitdb
exploitdb
InstaGuide Weather Script 1.0 - 'index.php' Local File Inclusion
2007-10-22 00:00:00
prion
prion
Directory traversal
2007-10-24 23:46:00
nvd
nvd
CVE-2007-5674
2007-10-24 23:46:00
cvelist
cvelist
CVE-2007-5674
2007-10-24 23:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
High
EPSS
0.01
Percentile
84.0%
Related for CVE-2007-5674