CVE-2007-0700 - OpenCVE

Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Portail Web Php	Portail Web Php

Configuration 1 [-]

cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/33634
http://www.attrition.org/pipermail/vim/2007-February/001269.html	Exploit
http://www.attrition.org/pipermail/vim/2007-February/001280.html
http://www.attrition.org/pipermail/vim/2007-February/001281.html
http://www.securityfocus.com/archive/1/458805/100/0/threaded
http://www.securityfocus.com/bid/22361	Exploit
http://www.securityfocus.com/bid/27962
https://exchange.xforce.ibmcloud.com/vulnerabilities/32115
https://www.exploit-db.com/exploits/5182

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-04T00:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-02-03T00:00:00

Link: CVE-2007-0700

JSON object: View

NVD Information

Status : Modified

Published: 2007-02-04T00:28:00.000

Modified: 2018-10-16T16:33:52.497

Link: CVE-2007-0700

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "refsource": "OSVDB", "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0700", "datePublished": "2007-02-04T00:00:00", "dateReserved": "2007-02-03T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBD0F878-59F0-4C63-B463-7A3E717E186C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}, {"lang": "es", "value": "Una Vulnerabilidad del salto de directorio en el archivo index.php en Guernion Sylvain Portail Web Php (tambi\u00e9n se conoce como Gsylvain35 Portail Web, PwP) permite a los atacantes remotos leer archivos arbitrarios por medio de .. (punto punto) en el par\u00e1metro page NOTA: este problema fue reportado m\u00e1s tarde para 2.5.1.1."}], "id": "CVE-2007-0700", "lastModified": "2018-10-16T16:33:52.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-04T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33634"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22361"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27962"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}