Lucene search

PRIOn knowledge basePRION:CVE-2007-0804

HistoryFeb 07, 2007 - 11:28 a.m.

Directory traversal

2007-02-0711:28:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%

JSON

Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via “…” sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.

CPENameOperatorVersion
ggcmseq1.1.0-rc1

CPE	Name	Operator	Version
	ggcms	eq	1.1.0-rc1

References

osvdb.org/35849

www.securityfocus.com/bid/22412

www.vupen.com/english/advisories/2007/0492

exchange.xforce.ibmcloud.com/vulnerabilities/32211

www.exploit-db.com/exploits/3271

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.042 Low

EPSS

Percentile

92.0%

JSON

Related for PRION:CVE-2007-0804