CVE-2007-1126

Опубликовано: 27 фев. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.

Ссылки

http://osvdb.org/33758
Broken Link
http://secunia.com/advisories/24301
Broken Link
http://securityreason.com/securityalert/2294
Third Party Advisory
http://www.securityfocus.com/archive/1/461073/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/22698
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/0746
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/32656
VDB Entry
http://osvdb.org/33758
Broken Link
http://secunia.com/advisories/24301
Broken Link
http://securityreason.com/securityalert/2294
Third Party Advisory
http://www.securityfocus.com/archive/1/461073/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/22698
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/0746
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/32656
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xt-commerce:xt-commerce:*:*:*:*:*:*:*:*

Версия до 2.0 (исключая)

cpe:2.3:a:xt-commerce:xt-commerce:2.0:rc1.2:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05986

Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-xwf4-g3q4-g8hc

github

больше 3 лет назад