Lucene search

[email protected]CVE-2007-6184

HistoryNov 30, 2007 - 12:46 a.m.

CVE-2007-6184

2007-11-3000:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-6184

directory traversal

security vulnerability

project alumni 1.0.9

remote attack

arbitrary local files

nvd

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON

Directory traversal vulnerability in index.php in Project Alumni 1.0.9 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the act parameter.

CPENameOperatorVersion
project_alumni:project_alumniproject alumnieq1.0.9

CPE	Name	Operator	Version
project_alumni:project_alumni	project alumni	eq	1.0.9

References

downloads.sourceforge.net/project-alumni/security-patch-1.0.9.zip?modtime=1196251519&big_mirror=0

secunia.com/advisories/27820

www.securityfocus.com/bid/26612

exchange.xforce.ibmcloud.com/vulnerabilities/38681

www.exploit-db.com/exploits/4669

7.9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.036 Low

EPSS

Percentile

91.6%

JSON

Related for CVE-2007-6184

prion1