CVE-2007-1636

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/38601
http://www.securityfocus.com/bid/23108	Exploit
http://www.vupen.com/english/advisories/2007/1094
https://exchange.xforce.ibmcloud.com/vulnerabilities/33185
https://www.exploit-db.com/exploits/3548
http://osvdb.org/38601
http://www.securityfocus.com/bid/23108	Exploit
http://www.vupen.com/english/advisories/2007/1094
https://exchange.xforce.ibmcloud.com/vulnerabilities/33185
https://www.exploit-db.com/exploits/3548

Configurations

Configuration 1 (hide)

cpe:2.3:a:roseonlinecms:roseonlinecms:3_b1:*:*:*:*:*:*:*

History

21 Nov 2024, 00:28

Type	Values Removed	Values Added
References	~~() http://osvdb.org/38601 -~~	() http://osvdb.org/38601 -
References	~~() http://www.securityfocus.com/bid/23108 - Exploit~~	() http://www.securityfocus.com/bid/23108 - Exploit
References	~~() http://www.vupen.com/english/advisories/2007/1094 -~~	() http://www.vupen.com/english/advisories/2007/1094 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/33185 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/33185 -
References	~~() https://www.exploit-db.com/exploits/3548 -~~	() https://www.exploit-db.com/exploits/3548 -

Information

Published : 2007-03-23 22:19

Updated : 2024-11-21 00:28

NVD link : CVE-2007-1636

Mitre link : CVE-2007-1636

CVE.ORG link : CVE-2007-1636

JSON object : View

Products Affected

roseonlinecms

roseonlinecms

CWE

NVD-CWE-Other

{"id": "CVE-2007-1636", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-03-23T22:19:00.000", "references": [{"url": "http://osvdb.org/38601", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/23108", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1094", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/3548", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/38601", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/23108", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/1094", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/3548", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}, {"lang": "es", "value": "La vulnerabilidad de salto de directorio en el archivo index.php en RoseOnlineCMS versi\u00f3n 3 B1, permite a atacantes remotos incluir archivos arbitrarios por medio de una secuencia .. (punto punto) en el par\u00e1metro op, como es demostrado mediante la inyecci\u00f3n de c\u00f3digo PHP en los archivos de registro de Apache por medio de la URL y el encabezado HTTP User-Agent."}], "lastModified": "2024-11-21T00:28:48.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:roseonlinecms:roseonlinecms:3_b1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88ABC5B0-D6EA-447D-8FB8-1FE1588DA441"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}