CVE

Id
27365  
CVE No.
CVE-2007-4008  
Status
Candidate  
Description
Directory traversal vulnerability in custom.php in Entertainment Media Sharing CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagename parameter.  
Phase
Assigned (20070725)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
281407 27365 CVE-2007-4008 MILW0RM:4220  View
281408 27365 CVE-2007-4008 URL:http://www.milw0rm.com/exploits/4220  View
281409 27365 CVE-2007-4008 BID:25039  View
281410 27365 CVE-2007-4008 URL:http://www.securityfocus.com/bid/25039  View
281411 27365 CVE-2007-4008 VUPEN:ADV-2007-2644  View
281412 27365 CVE-2007-4008 URL:http://www.vupen.com/english/advisories/2007/2644  View
281413 27365 CVE-2007-4008 OSVDB:36919  View
281414 27365 CVE-2007-4008 URL:http://osvdb.org/36919  View
281415 27365 CVE-2007-4008 SECUNIA:26194  View
281416 27365 CVE-2007-4008 URL:http://secunia.com/advisories/26194  View
281417 27365 CVE-2007-4008 XF:entertainment-custom-file-include(35609)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
55494 JVNDB-2007-004186 PHP の win32std エクステンションにおけるコマンドを実行される脆弱性 PHP の win32std エクステンションは、safe_mode および disable functions 制限に準拠しないため、任意のコマンドを実行される脆弱性が存在します。 CVE-2007-4010 27365 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-004186.html  View