Lucene search

[email protected]CVE-2007-4718

HistorySep 05, 2007 - 7:17 p.m.

CVE-2007-4718

2007-09-0519:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

4718

directory traversal

vulnerability

claroline

language parameter

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the language parameter.

Affected configurations

NVD

Node

clarolineclarolineRange≤1.8.5

CPENameOperatorVersion
claroline:clarolineclarolinele1.8.5

CPE	Name	Operator	Version
claroline:claroline	claroline	le	1.8.5

References

osvdb.org/38987

secunia.com/advisories/26685

www.claroline.net/forum/viewtopic.php?t=13533

www.claroline.net/wiki/index.php/Changelog_1.8.x#Security

www.securityfocus.com/bid/25521

www.vupen.com/english/advisories/2007/3045

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.1 High

AI Score

Confidence

High

0.053 Low

EPSS

Percentile

93.1%

JSON

Related for CVE-2007-4718

nvd1 nessus1 cvelist1 prion1