Vulnerability Details CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.057
EPSS Ranking 90.0%
CVSS Severity
CVSS v2 Score 10.0
References
- http://osvdb.org/33619
- http://osvdb.org/33621
- http://secunia.com/advisories/24363
- http://secunia.com/advisories/24366
- http://securityreason.com/securityalert/2381
- http://securitytracker.com/id?1017715
- http://www.securityfocus.com/archive/1/461630/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32776
- http://osvdb.org/33619
- http://osvdb.org/33621
- http://secunia.com/advisories/24363
- http://secunia.com/advisories/24366
- http://securityreason.com/securityalert/2381
- http://securitytracker.com/id?1017715
- http://www.securityfocus.com/archive/1/461630/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32776
Products affected by CVE-2007-1329
-
cpe:2.3:a:ledgersmb:ledgersmb:1.0.0
-
cpe:2.3:a:ledgersmb:ledgersmb:1.1
-
cpe:2.3:a:ledgersmb:ledgersmb:1.1.1
-
cpe:2.3:a:sql-ledger:sql-ledger:2.6.25