Details of VAR-200712-0213

ID

VAR-200712-0213

CVE

CVE-2007-6376

TITLE

Francisco Burzi PHP-Nuke of autohtml.php Vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2007-002987

DESCRIPTION

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This vulnerability CVE-2006-4190 Is a different vulnerability.By a third party .. Dance Music is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input

Trust: 1.98

sources: NVD: CVE-2007-6376 // JVNDB: JVNDB-2007-002987 // BID: 26807 // VULHUB: VHN-29738

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0	Trust: 0.8
vendor:	php nuke	model:	php-nuke	scope:	eq	version:	8.0	Trust: 0.3

sources: BID: 26807 // JVNDB: JVNDB-2007-002987 // CNNVD: CNNVD-200712-172 // NVD: CVE-2007-6376

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-6376
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-6376
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200712-172
value:	HIGH
Trust: 0.6
VULHUB:	VHN-29738
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-6376
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-29738
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-29738 // JVNDB: JVNDB-2007-002987 // CNNVD: CNNVD-200712-172 // NVD: CVE-2007-6376

PROBLEMTYPE DATA

problemtype:

CWE-22

Trust: 1.9

sources: VULHUB: VHN-29738 // JVNDB: JVNDB-2007-002987 // NVD: CVE-2007-6376

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200712-172

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200712-172

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002987

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-29738

PATCH

title:

Top Page

url:

http://phpnuke.org/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002987

EXTERNAL IDS

db:	NVD	id:	CVE-2007-6376	Trust: 2.8
db:	BID	id:	26807	Trust: 2.0
db:	OSVDB	id:	39507	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-002987	Trust: 0.8
db:	CNNVD	id:	CNNVD-200712-172	Trust: 0.7
db:	SEEBUG	id:	SSVID-84239	Trust: 0.1
db:	EXPLOIT-DB	id:	30881	Trust: 0.1
db:	VULHUB	id:	VHN-29738	Trust: 0.1

sources: VULHUB: VHN-29738 // BID: 26807 // JVNDB: JVNDB-2007-002987 // CNNVD: CNNVD-200712-172 // NVD: CVE-2007-6376

REFERENCES

url:	http://www.securityfocus.com/bid/26807	Trust: 1.7
url:	http://osvdb.org/39507	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6376	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6376	Trust: 0.8
url:	http://www.phpnuke.org	Trust: 0.3

sources: VULHUB: VHN-29738 // BID: 26807 // JVNDB: JVNDB-2007-002987 // CNNVD: CNNVD-200712-172 // NVD: CVE-2007-6376

CREDITS

d3v1l is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 26807 // CNNVD: CNNVD-200712-172

SOURCES

db:	VULHUB	id:	VHN-29738
db:	BID	id:	26807
db:	JVNDB	id:	JVNDB-2007-002987
db:	CNNVD	id:	CNNVD-200712-172
db:	NVD	id:	CVE-2007-6376

LAST UPDATE DATE

2024-11-23T22:32:09.023000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-29738	date:	2008-11-15T00:00:00
db:	BID	id:	26807	date:	2015-05-07T17:34:00
db:	JVNDB	id:	JVNDB-2007-002987	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200712-172	date:	2007-12-14T00:00:00
db:	NVD	id:	CVE-2007-6376	date:	2024-11-21T00:39:59.983

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-29738	date:	2007-12-15T00:00:00
db:	BID	id:	26807	date:	2007-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2007-002987	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200712-172	date:	2007-12-14T00:00:00
db:	NVD	id:	CVE-2007-6376	date:	2007-12-15T01:46:00