Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.8
CVE Id CVE-2007-6129
Last Modified 07 Mar 2011 10:01:49
Published 26 Nov 2007 05:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6129

Summary

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.

Vulnerable Systems

Application

  • Amber Script 1.0


References

SECUNIA - 27815

XF - amberscript-showcontent-file-include(38617)

VUPEN - ADV-2007-3993

BID - 26561

BUGTRAQ - 20071124 Amber Script 1.0 (show_content.php id) Local File Inclusion Vulnerability

MILW0RM - 4652

OSVDB - 38814


Last Updated: 27 May 2016 10:46:24