Lucene search

[email protected]CVE-2007-6079

HistoryNov 21, 2007 - 10:46 p.m.

CVE-2007-6079

2007-11-2122:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

6079

directory traversal

vulnerability

bcoos 1.0.10

remote attackers

arbitrary local files

code execution

nvd

7.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.

Affected configurations

NVD

Node

bcoosbcoosMatch1.0.10

CPENameOperatorVersion
bcoos:bcoosbcooseq1.0.10

CPE	Name	Operator	Version
bcoos:bcoos	bcoos	eq	1.0.10

References

www.securityfocus.com/bid/26505

www.vupen.com/english/advisories/2007/3962

exchange.xforce.ibmcloud.com/vulnerabilities/38592

www.exploit-db.com/exploits/4637

7.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2007-6079

cvelist1 nvd1 prion1