Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-6528
Last Modified 24 Oct 2012 12:00:00
Published 27 Dec 2007 05:46:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6528

Summary

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.

Vulnerable Systems

Application

  • Tikiwiki 1.9.8
  • Tikiwiki Cms/groupware 1.6.1
  • Tikiwiki Cms/groupware 1.9.0
  • Tikiwiki Cms/groupware 1.9.1
  • Tikiwiki Cms/groupware 1.9.2
  • Tikiwiki Cms/groupware 1.9.3
  • Tikiwiki Cms/groupware 1.9.4
  • Tikiwiki Cms/groupware 1.9.5
  • Tikiwiki Cms/groupware 1.9.6
  • Tikiwiki Cms/groupware 1.9.7
  • Tikiwiki Cms/groupware 1.9.8


References

BID - 27008

BUGTRAQ - 20071224 [ISecAuditors Security Advisories] Tikiwiki CMS is vulnerable to path traversal attack

CONFIRM - http://tikiwiki.org/ReleaseProcess199

SECUNIA - 28225

OSVDB - 41178

MILW0RM - 4942

SREASON - 3484

GENTOO - GLSA-200801-10

SECUNIA - 28602


Last Updated: 27 May 2016 11:01:16