CVE-2007-0700 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00355.

Key SSVC decision points have not yet been added.

Vendors	Products
Portail Web Php Subscribe	Portail Web Php Subscribe

Configuration 1 [-]

cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2007-0697	Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://osvdb.org/33634
http://www.attrition.org/pipermail/vim/2007-February/001269.html
http://www.attrition.org/pipermail/vim/2007-February/001280.html
http://www.attrition.org/pipermail/vim/2007-February/001281.html
http://www.securityfocus.com/archive/1/458805/100/0/threaded
http://www.securityfocus.com/bid/22361
http://www.securityfocus.com/bid/27962
https://exchange.xforce.ibmcloud.com/vulnerabilities/32115
https://www.exploit-db.com/exploits/5182

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-04T00:00:00

Updated: 2024-08-07T12:26:54.283Z

Reserved: 2007-02-03T00:00:00

Link: CVE-2007-0700

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-02-04T00:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0700

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "refsource": "OSVDB", "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.283Z"}, "title": "CVE Program Container", "references": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0700", "datePublished": "2007-02-04T00:00:00", "dateReserved": "2007-02-03T00:00:00", "dateUpdated": "2024-08-07T12:26:54.283Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBD0F878-59F0-4C63-B463-7A3E717E186C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}, {"lang": "es", "value": "Una Vulnerabilidad del salto de directorio en el archivo index.php en Guernion Sylvain Portail Web Php (tambi\u00e9n se conoce como Gsylvain35 Portail Web, PwP) permite a los atacantes remotos leer archivos arbitrarios por medio de .. (punto punto) en el par\u00e1metro page NOTA: este problema fue reportado m\u00e1s tarde para 2.5.1.1."}], "id": "CVE-2007-0700", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-04T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33634"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22361"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27962"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27962"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}