Lucene search

[email protected]CVE-2007-6129

HistoryNov 26, 2007 - 10:46 p.m.

CVE-2007-6129

2007-11-2622:46:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

2007

6129

directory traversal

vulnerability

amber script 1.0

remote file inclusion

unc share pathname

ftp

ftps

ssh2.sftp url

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Affected configurations

NVD

Node

amber_scriptamber_scriptMatch1.0

CPENameOperatorVersion
amber_script:amber_scriptamber scripteq1.0

CPE	Name	Operator	Version
amber_script:amber_script	amber script	eq	1.0

References

osvdb.org/38814

secunia.com/advisories/27815

www.securityfocus.com/archive/1/484154/100/0/threaded

www.securityfocus.com/bid/26561

www.vupen.com/english/advisories/2007/3993

exchange.xforce.ibmcloud.com/vulnerabilities/38617

www.exploit-db.com/exploits/4652

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

7.2 High

AI Score

Confidence

High

0.035 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2007-6129

prion1 nvd1 cvelist1