Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4180
Last Modified 05 Sep 2008 05:27:36
Published 07 Aug 2007 09:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4180

Summary

** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a fixed argument when invoking fputs, which cannot be used to read files.

Vulnerable Systems

Application

  • Pluck 4.3


References

BUGTRAQ - 20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure

VIM - 20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure

MISC - http://outlaw.aria-security.info/?p=12

XF - pluck-theme-directory-traversal(35757)

SREASON - 2973


Last Updated: 27 May 2016 10:45:47