CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5920

index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote attackers to include certain files via unspecified vectors, possibly due to a directory traversal vulnerability. NOTE: this can be leveraged to bypass authentication and upload files by including pico_insert.php or unspecified other administrative scripts. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.0%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/42106
http://picoflat.altervista.org/
http://secunia.com/advisories/27504
http://www.securityfocus.com/bid/26362
https://exchange.xforce.ibmcloud.com/vulnerabilities/38310
http://osvdb.org/42106
http://picoflat.altervista.org/
http://secunia.com/advisories/27504
http://www.securityfocus.com/bid/26362
https://exchange.xforce.ibmcloud.com/vulnerabilities/38310

Products affected by CVE-2007-5920

Picoflat Cms » Picoflat Cms » Version: Any

cpe:2.3:a:picoflat_cms:picoflat_cms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5920

Products

Pricing

Contact Us