CVE-2007-4655

Published Sep 4, 2007

Last updated 8 years ago

CVSS info 5.0

Overview

Description: Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200

Hype score: Not currently trending

Evaluator

Comment: Additional information can be found at: http://www.securityfocus.com/bid/25500/info
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cgi-rescue:shopping_basket_professional:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "647E8A28-D94A-4A6E-BA90-CBE83FF74CFC",
            "versionEndIncluding": "7.51"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References