{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-1094", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"name": "38601", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38601"}, {"name": "3548", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3548"}, {"name": "roseonlinecms-index-file-include(33185)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"name": "23108", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23108"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-1094", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"name": "38601", "refsource": "OSVDB", "url": "http://osvdb.org/38601"}, {"name": "3548", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3548"}, {"name": "roseonlinecms-index-file-include(33185)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"name": "23108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23108"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1636", "datePublished": "2007-03-23T22:00:00", "dateReserved": "2007-03-23T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:roseonlinecms:roseonlinecms:3_b1:*:*:*:*:*:*:*", "matchCriteriaId": "88ABC5B0-D6EA-447D-8FB8-1FE1588DA441", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}, {"lang": "es", "value": "La vulnerabilidad de salto de directorio en el archivo index.php en RoseOnlineCMS versi\u00f3n 3 B1, permite a atacantes remotos incluir archivos arbitrarios por medio de una secuencia .. (punto punto) en el par\u00e1metro op, como es demostrado mediante la inyecci\u00f3n de c\u00f3digo PHP en los archivos de registro de Apache por medio de la URL y el encabezado HTTP User-Agent."}], "id": "CVE-2007-1636", "lastModified": "2017-10-11T01:31:55.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-23T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38601"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23108"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3548"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}