Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6581

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-6581
Last Modified 15 Nov 2008 02:05:23
Published 28 Dec 2007 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6581

Summary

Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.

Vulnerable Systems

Application

  • Social Engine 2.0


References

BID - 26990

MILW0RM - 4767

MISC - http://www.inj3ct-it.org/exploit/socialengine2.txt

OSVDB - 40375

OSVDB - 40374

OSVDB - 40373

OSVDB - 40372

OSVDB - 40371

OSVDB - 40370


Last Updated: 27 May 2016 10:46:32