Lucene search

[email protected]CVE-2007-5845

HistoryNov 06, 2007 - 9:46 p.m.

CVE-2007-5845

2007-11-0621:46:00

CWE-94

[email protected]

web.nvd.nist.gov

cve

2007

5845

directory traversal

vulnerability

guppy

remote attackers

arbitrary files

authentication bypass

upload

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.

CPENameOperatorVersion
guppy:guppyguppyeq4.6.3
guppy:guppyguppyle4.5.16

CPE	Name	Operator	Version
guppy:guppy	guppy	eq	4.6.3
guppy:guppy	guppy	le	4.5.16

References

osvdb.org/38492

retrogod.altervista.org/guppy_4516_cmd.html

www.exploit-db.com/exploits/3221

www.exploit-db.com/exploits/4602

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.7%

JSON

Related for CVE-2007-5845

prion1