Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-4180


Vulnerability Score 5.0 5.0
CVE Id CVE-2007-4180
Last Modified 05 Sep 2008 05:27:36
Published 07 Aug 2007 09:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a a fixed argument when invoking fputs, which cannot be used to read files.

Vulnerable Systems


  • Pluck 4.3


BUGTRAQ - 20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure

VIM - 20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure


XF - pluck-theme-directory-traversal(35757)

SREASON - 2973

Last Updated: 27 May 2016 10:45:47