Lucene search

MitreCVE-2007-4805

HistorySep 11, 2007 - 6:17 p.m.

CVE-2007-4805

2007-09-1118:17:00

CWE-22

mitre

web.nvd.nist.gov

cve-2007-4805

directory traversal

getgalldata.php

fuzzylime

cms

remote attack

arbitrary files

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Directory traversal vulnerability in getgalldata.php in fuzzylime (cms) 3.0 and earlier allows remote attackers to include arbitrary local files via a … (dot dot) in the p parameter.

Affected configurations

Nvd

Node

fuzzylimefuzzylimeMatch3.0

VendorProductVersionCPE
fuzzylimefuzzylime3.0cpe:2.3:a:fuzzylime:fuzzylime:3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fuzzylime	fuzzylime	3.0	cpe:2.3:a:fuzzylime:fuzzylime:3.0:::::::*

References

osvdb.org/36996

secunia.com/advisories/26740

www.attrition.org/pipermail/vim/2007-September/001780.html

www.securityfocus.com/bid/25604

www.vupen.com/english/advisories/2007/3135

exchange.xforce.ibmcloud.com/vulnerabilities/36520

www.exploit-db.com/exploits/4378

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.4

Confidence

Low

EPSS

0.017

Percentile

87.7%

JSON

Related for CVE-2007-4805