CVE-2007-0700 - OpenCVE

Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Portail Web Php	Portail Web Php

Configuration 1 [-]

cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/33634
http://www.attrition.org/pipermail/vim/2007-February/001269.html
http://www.attrition.org/pipermail/vim/2007-February/001280.html
http://www.attrition.org/pipermail/vim/2007-February/001281.html
http://www.securityfocus.com/archive/1/458805/100/0/threaded
http://www.securityfocus.com/bid/22361
http://www.securityfocus.com/bid/27962
https://exchange.xforce.ibmcloud.com/vulnerabilities/32115
https://www.exploit-db.com/exploits/5182

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-04T00:00:00

Updated: 2024-08-07T12:26:54.283Z

Reserved: 2007-02-03T00:00:00

Link: CVE-2007-0700

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-02-04T00:28:00.000

Modified: 2018-10-16T16:33:52.497

Link: CVE-2007-0700

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0700", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "refsource": "OSVDB", "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.283Z"}, "title": "CVE Program Container", "references": [{"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"name": "27962", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27962"}, {"name": "33634", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33634"}, {"name": "20070201 php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"name": "portailwebphp-index-file-include(32115)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"name": "22361", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22361"}, {"name": "20070202 Local File Inclusion inconclusive in PwP (was Fwd: php web portail [remote file include & local fileinclude])", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"name": "5182", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5182"}, {"name": "20070201 Fwd: php web portail [remote file include & local file include]", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0700", "datePublished": "2007-02-04T00:00:00", "dateReserved": "2007-02-03T00:00:00", "dateUpdated": "2024-08-07T12:26:54.283Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:portail_web_php:portail_web_php:2.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "DBD0F878-59F0-4C63-B463-7A3E717E186C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1."}, {"lang": "es", "value": "Una Vulnerabilidad del salto de directorio en el archivo index.php en Guernion Sylvain Portail Web Php (tambi\u00e9n se conoce como Gsylvain35 Portail Web, PwP) permite a los atacantes remotos leer archivos arbitrarios por medio de .. (punto punto) en el par\u00e1metro page NOTA: este problema fue reportado m\u00e1s tarde para 2.5.1.1."}], "id": "CVE-2007-0700", "lastModified": "2018-10-16T16:33:52.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-02-04T00:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33634"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.attrition.org/pipermail/vim/2007-February/001269.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001280.html"}, {"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-February/001281.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/458805/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22361"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27962"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32115"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}