Vulnerability CVE-2007-4655


Published: 2007-09-04   Modified: 2012-02-12

Description:
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.

Type: CWE-200 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Cgi-rescue -> Shopping basket professional 

 References:
http://secunia.com/advisories/26614
http://osvdb.org/40147
http://osvdb.org/40146
http://jvn.jp/jp/JVN%2320452446/index.html
http://xforce.iss.net/xforce/xfdb/36389
http://www.securityfocus.com/bid/25500

Copyright 2024, cxsecurity.com
