CVE-2007-0585 - include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote atta

CVE-2007-0585

Summary

include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks. Successful exploitation requires that "register_globals" is enabled.

References

Vulnerable Configurations

cpe:2.3:a:webfwlog:webfwlog:*:*:*:*:*:*:*:*
cpe:2.3:a:webfwlog:webfwlog:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	22291
confirm	http://webfwlog.cvs.sourceforge.net/checkout/webfwlog/webfwlog/ChangeLog
exploit-db	3222
osvdb	33015
secunia	23968
vupen	ADV-2007-0399
xf	webfwlog-debug-file-include(31881)

Last major update

13-08-2018 - 21:47

Published

30-01-2007 - 17:28

Last modified

13-08-2018 - 21:47