Vulnerability Details CVE-2007-0893
Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=full-disclosure&m=117121596803908&w=2
- http://osvdb.org/33178
- http://www.securityfocus.com/archive/1/459792/100/0/threaded
- http://www.securityfocus.com/bid/22516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32433
- http://marc.info/?l=full-disclosure&m=117121596803908&w=2
- http://osvdb.org/33178
- http://www.securityfocus.com/archive/1/459792/100/0/threaded
- http://www.securityfocus.com/bid/22516
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32433
Products affected by CVE-2007-0893
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:*
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta
-
cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3