Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2007-5684

Опубликовано: 26 окт. 2007
Источник: nvd
CVSS2: 7.5
EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:*
Версия до 1.9.8.1 (включая)
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc1:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc2:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.0:rc3:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:tiki:tikiwiki_cms\/groupware:1.9.8:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.01935
Низкий

7.5 High

CVSS2

Дефекты

CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2007-5684

ubuntu
больше 18 лет назад

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.

debian логотип

CVE-2007-5684

debian
больше 18 лет назад

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and e ...

github логотип

GHSA-mrmg-vfrw-qcjm

github
почти 4 года назад

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in (1) error_handler_file and (2) local_php parameters to (a) tiki-index.php, or (3) encoded "..%2F" sequences in the imp_language parameter to tiki-imexport_languages.php.

EPSS

Процентиль: 83%
0.01935
Низкий

7.5 High

CVSS2

Дефекты

CWE-22