NVD

Id
53519  
Name
CVE-2007-1329  
Description
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-07  
Published
2007-03-07  
Modified Date
2008-11-15  
Seq
2007-1329  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
271044 53519 CVE-2007-1329 2381  View
271045 53519 CVE-2007-1329 1017715  View
271046 53519 CVE-2007-1329 20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB  View
271047 53519 CVE-2007-1329 sqlledger-userpathmemberfile-dir-traversal(32776)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
54780 JVNDB-2007-003472 SQL-Ledger などにおけるディレクトリトラバーサルの脆弱性 SQL-Ledger および LedgerSMB は、ブラックリスト関数が文字列をフィルタすることで .. (ドットドット) シーケンスになる不備があるため、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2007-1329 24684 CVE-2007-1329 53519 10 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-003472.html 2007-03-07 2012-09-25 View