Lucene search

K
cve[email protected]CVE-2007-5684
HistoryOct 26, 2007 - 6:46 p.m.

CVE-2007-5684

2007-10-2618:46:00
CWE-22
web.nvd.nist.gov
23
cve
2007
5684
directory traversal
tikiwiki
vulnerability
remote attackers
arbitrary files
nvd

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded “…%2F” sequences in the imp_language parameter to tiki-imexport_languages.php.

Affected configurations

NVD
Node
tikitikiwiki_cms\/groupwareRange1.9.8.1
OR
tikitikiwiki_cms\/groupwareMatch1.6.1
OR
tikitikiwiki_cms\/groupwareMatch1.9.0
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc1
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc2
OR
tikitikiwiki_cms\/groupwareMatch1.9.0rc3
OR
tikitikiwiki_cms\/groupwareMatch1.9.1
OR
tikitikiwiki_cms\/groupwareMatch1.9.2
OR
tikitikiwiki_cms\/groupwareMatch1.9.3
OR
tikitikiwiki_cms\/groupwareMatch1.9.4
OR
tikitikiwiki_cms\/groupwareMatch1.9.5
OR
tikitikiwiki_cms\/groupwareMatch1.9.6
OR
tikitikiwiki_cms\/groupwareMatch1.9.7
OR
tikitikiwiki_cms\/groupwareMatch1.9.8

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.5%