CVE Vulnerability

CVE-2007-6397

Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://www.securityfocus.com/bid/26782
http://osvdb.org/43891
http://osvdb.org/43892
http://osvdb.org/43890
https://www.exploit-db.com/exploits/4705
http://www.securityfocus.com/archive/1/484803/100/100/threaded
Configurations

Configuration 1

cpe:2.3:a:flat_php:board:*:*:*:*:*:*:*:*
Information

Published : 2007-12-17 06:46

Updated : 2018-10-15 09:52

NVD link : CVE-2007-6397

Mitre link : CVE-2007-6397

Products Affected
No products.
CWE
CWE-22