CVE-2007-4180

Опубликовано: 08 авг. 2007

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pluck:pluck:4.3:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00281

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-hg68-h73w-q4qq

github

почти 4 года назад

** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files.