5
CVE-2007-1601
- EPSS 1.44%
- Veröffentlicht 22.03.2007 23:19:00
- Zuletzt bearbeitet 16.06.2026 22:37:56
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginDirectory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this vulnerability, noting that the order variable is not used in any context that allows opening files
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weekly Drawing Contest ≫ Weekly Drawing Contest Version0.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.698 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
http://osvdb.org/35148
http://securityreason.com/securityalert/2453
http://www.securityfocus.com/archive/1/462663/100/100/threaded
http://www.securityfocus.com/archive/1/462702/100/100/threaded