Lucene search

[email protected]CVE-2007-6662

HistoryJan 04, 2008 - 11:46 a.m.

CVE-2007-6662

2008-01-0411:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cutenews

2.6

directory traversal

vulnerability

file.php

remote attackers

arbitrary files

admin username

password hash

nvd

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

Directory traversal vulnerability in file.php in CuteNews 2.6 allows remote attackers to read arbitrary files via a … (dot dot) in the file parameter, as demonstrated by reading the admin username and password hash in data/users.db.php.

Affected configurations

NVD

Node

cutephpcutenewsMatch2.6

CPENameOperatorVersion
cutephp:cutenewscutephp cutenewseq2.6

CPE	Name	Operator	Version
cutephp:cutenews	cutephp cutenews	eq	2.6

References

osvdb.org/39885

securityreason.com/securityalert/3515

www.securityfocus.com/archive/1/485632/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/39328

6.9 Medium

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVE-2007-6662

cvelist1 prion1 nvd1