CVE-2003-1298 - Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remot

CVE-2003-1298

Summary

Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with "./.." (dot slash dot dot).

References

http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152
http://secunia.com/advisories/19359
http://www.osvdb.org/23984
http://www.securityfocus.com/bid/17197
http://www.vupen.com/english/advisories/2006/1053
https://exchange.xforce.ibmcloud.com/vulnerabilities/25396

Vulnerable Configurations

cpe:2.3:a:anyportal_php:anyportal_php:0.1:*:*:*:*:*:*:*
cpe:2.3:a:anyportal_php:anyportal_php:0.1:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	17197
misc	http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152
osvdb	23984
secunia	19359
vupen	ADV-2006-1053
xf	anyportalphp-siteman-directory-traversal(25396)

Last major update

20-07-2017 - 01:29

Published

31-12-2003 - 05:00

Last modified

20-07-2017 - 01:29