Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6584

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2007-6584
Last Modified 15 Nov 2008 12:00:00
Published 28 Dec 2007 04:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6584

Summary

Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.

Vulnerable Systems

Application

  • 1024 Cms 1.3.1

  • 1024 Cms 1.4.1

  • 1024 Cms 1.4.2


References

BID - 28753

MILW0RM - 5434

MILW0RM - 4765

SECUNIA - 29810

OSVDB - 41284

OSVDB - 41283

OSVDB - 41282

OSVDB - 41281

OSVDB - 41280


Last Updated: 27 May 2016 10:46:32