CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-1849

Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.028

EPSS Ranking 85.5%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/archive/1/464272
http://www.securityfocus.com/bid/23215
https://exchange.xforce.ibmcloud.com/vulnerabilities/33331
http://www.securityfocus.com/archive/1/464272
http://www.securityfocus.com/bid/23215
https://exchange.xforce.ibmcloud.com/vulnerabilities/33331

Products affected by CVE-2007-1849

Drake Team » Drake Cms » Version: 0.3.7

cpe:2.3:a:drake_team:drake_cms:0.3.7
Drake Team » Drake Cms » Version: 0.3.7_beta

cpe:2.3:a:drake_team:drake_cms:0.3.7_beta

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1849

Products

Pricing

Contact Us