CVE-2007-5821

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-5821
Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lng parameter to (a) guestbook.php, (b) admin/admin.guestbook.php, or (c) auto/glob_new.php; or (2) the lngdefault parameter to auto/ch_lng.php.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://osvdb.org/39064
http://osvdb.org/39065
http://osvdb.org/39066
http://osvdb.org/39067
http://www.securityfocus.com/bid/26300
http://www.vupen.com/english/advisories/2007/3747
https://exchange.xforce.ibmcloud.com/vulnerabilities/38219
https://www.exploit-db.com/exploits/4597
http://osvdb.org/39064
http://osvdb.org/39065
http://osvdb.org/39066
http://osvdb.org/39067
http://www.securityfocus.com/bid/26300
http://www.vupen.com/english/advisories/2007/3747
https://exchange.xforce.ibmcloud.com/vulnerabilities/38219
https://www.exploit-db.com/exploits/4597
Configurations

Configuration 1 (hide)

cpe:2.3:a:dm_guestbook:dm_guestbook:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:38

Type Values Removed Values Added
References () http://osvdb.org/39064 - () http://osvdb.org/39064 -
References () http://osvdb.org/39065 - () http://osvdb.org/39065 -
References () http://osvdb.org/39066 - () http://osvdb.org/39066 -
References () http://osvdb.org/39067 - () http://osvdb.org/39067 -
References () http://www.securityfocus.com/bid/26300 - () http://www.securityfocus.com/bid/26300 -
References () http://www.vupen.com/english/advisories/2007/3747 - () http://www.vupen.com/english/advisories/2007/3747 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/38219 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/38219 -
References () https://www.exploit-db.com/exploits/4597 - () https://www.exploit-db.com/exploits/4597 -
Information

Published : 2007-11-05 19:46

Updated : 2024-11-21 00:38

NVD link : CVE-2007-5821

Mitre link : CVE-2007-5821

CVE.ORG link : CVE-2007-5821

JSON object : View

Products Affected

dm_guestbook

  • dm_guestbook
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024