CVE-2007-4028 - Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to in

CVE-2007-4028

Summary

Absolute path traversal vulnerability in index.php in Webspell 4.01.02 allows remote attackers to include and execute arbitrary local files via a full pathname in the site parameter. NOTE: some of these details are obtained from third party information. Vendor has supplied a patch for this vulnerability: http://cms.webspell.org/index.php?site=files&cat=10

References

http://osvdb.org/37516
http://secunia.com/advisories/26172
http://securityreason.com/securityalert/2927
http://www.securityfocus.com/archive/1/474416/100/0/threaded
http://www.securityfocus.com/bid/25012

Vulnerable Configurations

cpe:2.3:a:webspell:webspell:4.01.02:*:*:*:*:*:*:*
cpe:2.3:a:webspell:webspell:4.01.02:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 15-10-2018 - 21:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	25012
bugtraq	20070722 Webspell 4.x Local File Inclusion
osvdb	37516
secunia	26172
sreason	2927

Last major update

15-10-2018 - 21:32

Published

26-07-2007 - 19:30

Last modified

15-10-2018 - 21:32