Lucene search

[email protected]CVE-2007-1140

HistoryMar 02, 2007 - 9:18 p.m.

CVE-2007-1140

2007-03-0221:18:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-1140

directory traversal

remote attackers

file modification

vulnerability

information security

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a … (dot dot) in the filename parameter.

Affected configurations

NVD

Node

barekonceptpheapMatch-

CPENameOperatorVersion
barekoncept:pheapbarekoncept pheapeq-

CPE	Name	Operator	Version
barekoncept:pheap	barekoncept pheap	eq	-

References

osvdb.org/33140

securityreason.com/securityalert/2354

www.securityfocus.com/archive/1/460920/100/0/threaded

www.securityfocus.com/bid/22670

9.4 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:C/A:N

6.7 Medium

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.9%

JSON

Related for CVE-2007-1140

prion1 cvelist1 nvd1 securityvulns1