Lucene search

[email protected]CVE-2007-5821

HistoryNov 05, 2007 - 7:46 p.m.

CVE-2007-5821

2007-11-0519:46:00

CWE-22

[email protected]

web.nvd.nist.gov

cve

2007

5821

directory traversal

vulnerabilities

dm guestbook

remote attackers

arbitrary local files

execute

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.044 Low

EPSS

Percentile

92.5%

JSON

Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a … (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or © auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.

Affected configurations

NVD

Node

dm_guestbookdm_guestbookRange≤0.4.1

CPENameOperatorVersion
dm_guestbook:dm_guestbookdm guestbookle0.4.1

CPE	Name	Operator	Version
dm_guestbook:dm_guestbook	dm guestbook	le	0.4.1

References

osvdb.org/39064

osvdb.org/39065

osvdb.org/39066

osvdb.org/39067

www.securityfocus.com/bid/26300

www.vupen.com/english/advisories/2007/3747

exchange.xforce.ibmcloud.com/vulnerabilities/38219

www.exploit-db.com/exploits/4597

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.3 High

AI Score

Confidence

High

0.044 Low

EPSS

Percentile

92.5%

JSON

Related for CVE-2007-5821

nvd1 prion1 cvelist1