Sisfo Kampus dwoprn.php f Variable Traversal Arbitrary File Access

{"id": "OSVDB:38659", "bulletinFamily": "software", "title": "Sisfo Kampus dwoprn.php f Variable Traversal Arbitrary File Access", "description": "## Manual Testing Notes\nhttp://[target]/[dir]/dwoprn.php?f=connectdb.php\n## References:\nVendor URL: http://Sisfokampus.net/\n[Secunia Advisory ID:23109](https://secuniaresearch.flexerasoftware.com/advisories/23109/)\nISS X-Force ID: 36534\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4386\n[CVE-2007-4895](https://vulners.com/cve/CVE-2007-4895)\n", "published": "2007-09-10T00:00:00", "modified": "2007-09-10T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:38659", "reporter": "OSVDB", "references": [], "cvelist": ["CVE-2007-4895"], "type": "osvdb", "lastseen": "2017-04-28T13:20:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "aae4f1e1f420928d1655312d738e7822"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "2f88b778a59abd6fd5f45b84ee88bb77"}, {"key": "href", "hash": "05197281a52f449a1ba2339c24f7c95e"}, {"key": "modified", "hash": "17e0dd5365bc2b22db88536fee055aca"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "17e0dd5365bc2b22db88536fee055aca"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "a45bb33683b7ca9f38b77a31d2eaebc0"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "15bc187ee0465ec4d879dd9265bb0f53c62b223cd7620911141b2bca2d271351", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [], "enchantments": {"vulnersScore": 3.6}}

{"result": {"cve": [{"id": "CVE-2007-4895", "type": "cve", "title": "CVE-2007-4895", "description": "Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.", "published": "2007-09-14T14:17:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4895", "cvelist": ["CVE-2007-4895"], "lastseen": "2017-07-29T11:22:15"}], "exploitdb": [{"id": "EDB-ID:4386", "type": "exploitdb", "title": "Sisfo Kampus 2006 dwoprn.php f Remote File Download Vulnerability", "description": "Sisfo Kampus 2006 (dwoprn.php f) Remote File Download Vulnerability. CVE-2007-4895. Webapps exploit for php platform", "published": "2007-09-10T00:00:00", "cvss": {"score": 5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/4386/", "cvelist": ["CVE-2007-4895"], "lastseen": "2016-01-31T20:48:37"}]}}