CVE-2007-5491

Sažetak

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

Reference

http://secunia.com/advisories/27503
http://secunia.com/advisories/28008
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
http://www.debian.org/security/2007/dsa-1423
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
http://www.securityfocus.com/bid/26126
http://www.vupen.com/english/advisories/2007/3768
https://bugs.gentoo.org/show_bug.cgi?id=195810

CVSS

Base:	9.0
Impact:	10.0
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-03-2011 - 03:00

Objavljeno

17-10-2007 - 19:17