CVE

Id
27537  
CVE No.
CVE-2007-4180  
Status
Candidate  
Description
** DISPUTED ** Directory traversal vulnerability in data/inc/theme.php in Pluck 4.3, when register_globals is enabled, allows remote attackers to read arbitrary local files via a .. (dot dot) in the file parameter. NOTE: CVE and a reliable third party dispute this vulnerability because the code uses a a fixed argument when invoking fputs, which cannot be used to read files.  
Phase
Assigned (20070807)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
283338 27537 CVE-2007-4180 BUGTRAQ:20070802 Pluck 4.3 themes.php Remote File Inclusion and disclosure  View
283339 27537 CVE-2007-4180 URL:http://www.securityfocus.com/archive/1/archive/1/475323/100/0/threaded  View
283340 27537 CVE-2007-4180 MISC:http://outlaw.aria-security.info/?p=12  View
283341 27537 CVE-2007-4180 VIM:20070802 False: Pluck 4.3 themes.php Remote File Inclusion and disclosure  View
283342 27537 CVE-2007-4180 URL:http://www.attrition.org/pipermail/vim/2007-August/001752.html  View
283343 27537 CVE-2007-4180 SREASON:2973  View
283344 27537 CVE-2007-4180 URL:http://securityreason.com/securityalert/2973  View
283345 27537 CVE-2007-4180 XF:pluck-theme-directory-traversal(35757)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
57248 JVNDB-2007-005940 WikiWebWeaver の index.php における任意のコードを実行される脆弱性 WikiWebWeaver の index.php は、無制限にファイルをアップロードする不備があるため、任意の PHP コードをアップロードされる、および実行される脆弱性が存在します。 CVE-2007-4182 27537 7.5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-005940.html  View