Lucene search

PRIOn knowledge basePRION:CVE-2007-5845

HistoryNov 06, 2007 - 9:46 p.m.

Directory traversal

2007-11-0621:46:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.4%

JSON

Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, and earlier allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the id parameter. NOTE: this can be leveraged to bypass authentication and upload arbitrary files by including admin/inc/upload.inc and specifying certain multipart/form-data input for admin/inc/upload.inc.

CPENameOperatorVersion
guppyeq4.6.3
guppyle4.5.16

CPE	Name	Operator	Version
	guppy	eq	4.6.3
	guppy	le	4.5.16

References

osvdb.org/38492

retrogod.altervista.org/guppy_4516_cmd.html

www.exploit-db.com/exploits/3221

www.exploit-db.com/exploits/4602

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for PRION:CVE-2007-5845

cve1