Lucene search

[email protected]CVE-2007-0616

HistoryJan 31, 2007 - 11:28 a.m.

CVE-2007-0616

2007-01-3111:28:00

[email protected]

web.nvd.nist.gov

cve

2007

0616

directory traversal

vulnerability

zenphoto 1.0.4

remote attackers

arbitrary directories

index.php

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

Directory traversal vulnerability in zen/template-functions.php in zenphoto 1.0.4 up to 1.0.6 allows remote attackers to list arbitrary directories via “…” sequences in the album parameter to index.php.

Affected configurations

NVD

Node

zenphotozenphotoMatch1.0.4

zenphotozenphotoMatch1.0.5

zenphotozenphotoMatch1.0.6

CPENameOperatorVersion
zenphoto:zenphotozenphotoeq1.0.4
zenphoto:zenphotozenphotoeq1.0.5
zenphoto:zenphotozenphotoeq1.0.6

CPE	Name	Operator	Version
zenphoto:zenphoto	zenphoto	eq	1.0.4
zenphoto:zenphoto	zenphoto	eq	1.0.5
zenphoto:zenphoto	zenphoto	eq	1.0.6

References

osvdb.org/33072

secunia.com/advisories/24026

www.securityfocus.com/bid/22368

www.vupen.com/english/advisories/2007/0470

www.zenphoto.org/support/topic.php?id=1146&replies=3

www.zenphoto.org/support/topic.php?id=1148

exchange.xforce.ibmcloud.com/vulnerabilities/32102

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

6.8 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for CVE-2007-0616

nvd1 prion1 cvelist1 securityvulns1