Vulnerability Details CVE-2007-4655
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 43.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://jvn.jp/jp/JVN%2320452446/index.html
- http://osvdb.org/40146
- http://osvdb.org/40147
- http://secunia.com/advisories/26614
- http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803
- http://www.securityfocus.com/bid/25500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36389
- http://jvn.jp/jp/JVN%2320452446/index.html
- http://osvdb.org/40146
- http://osvdb.org/40147
- http://secunia.com/advisories/26614
- http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803
- http://www.securityfocus.com/bid/25500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36389
Products affected by CVE-2007-4655
-
cpe:2.3:a:cgi-rescue:shopping_basket_professional:*