ID

VAR-200703-0600


CVE

CVE-2007-1577


TITLE

GeBlog index.php Directory Traversal Vulnerability

Trust: 0.8

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200703-530

DESCRIPTION

Directory traversal vulnerability in index.php in GeBlog 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tplname] parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php. index.php in GeBlog contains a directory traversal vulnerability. By a third party .. GeBlog is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to access sensitive information and to execute local script code in the context of the application; this may facilitate other attacks against the affected computer. GeBlog 0.1 is vulnerable; other versions may also be affected.

Trust: 2.07

sources: NVD: CVE-2007-1577 // JVNDB: JVNDB-2007-001723 // BID: 23052 // IVD: b9208a3e-2352-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor: geblog, model: geblog, scope: eq, version: 0.1

Trust: 2.7

vendor: geblog, model: -, scope: eq, version: 0.1

Trust: 0.2

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d // BID: 23052 // JVNDB: JVNDB-2007-001723 // CNNVD: CNNVD-200703-530 // NVD: CVE-2007-1577

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1577
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1577
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200703-530
value: MEDIUM

Trust: 0.6

IVD: b9208a3e-2352-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2007-1577
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

IVD: b9208a3e-2352-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2007-001723 // CNNVD: CNNVD-200703-530 // NVD: CVE-2007-1577

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1577

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200703-530

TYPE

Path traversal

Trust: 0.8

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200703-530

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-001723

PATCH

title: Top Page, url: http://sourceforge.net/projects/geblog/

Trust: 0.8

sources: JVNDB: JVNDB-2007-001723

EXTERNAL IDS

db: NVD, id: CVE-2007-1577

Trust: 2.6

db: BID, id: 23052

Trust: 1.9

db: OSVDB, id: 33776

Trust: 1.6

db: EXPLOIT-DB, id: 3522

Trust: 1.6

db: CNNVD, id: CNNVD-200703-530

Trust: 0.8

db: JVNDB, id: JVNDB-2007-001723

Trust: 0.8

db: XF, id: 33089

Trust: 0.6

db: MILW0RM, id: 3522

Trust: 0.6

db: IVD, id: B9208A3E-2352-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: b9208a3e-2352-11e6-abef-000c29c66e3d // BID: 23052 // JVNDB: JVNDB-2007-001723 // CNNVD: CNNVD-200703-530 // NVD: CVE-2007-1577

REFERENCES

url:http://www.securityfocus.com/bid/23052

Trust: 1.6

url:http://www.osvdb.org/33776

Trust: 1.6

url:https://www.exploit-db.com/exploits/3522

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/33089

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1577

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1577

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/33089

Trust: 0.6

url:http://www.milw0rm.com/exploits/3522

Trust: 0.6

url:/archive/1/484058

Trust: 0.3

sources: BID: 23052 // JVNDB: JVNDB-2007-001723 // CNNVD: CNNVD-200703-530 // NVD: CVE-2007-1577

CREDITS

GolD_M is credited with the discovery of this vulnerability.

Trust: 0.3

sources: BID: 23052

SOURCES

db: IVD, id: b9208a3e-2352-11e6-abef-000c29c66e3d
db: BID, id: 23052
db: JVNDB, id: JVNDB-2007-001723
db: CNNVD, id: CNNVD-200703-530
db: NVD, id: CVE-2007-1577

LAST UPDATE DATE

2025-04-10T23:20:02.608000+00:00


SOURCES UPDATE DATE

db: BID, id: 23052, date: 2007-11-22T16:54:00
db: JVNDB, id: JVNDB-2007-001723, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200703-530, date: 2007-03-23T00:00:00
db: NVD, id: CVE-2007-1577, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: IVD, id: b9208a3e-2352-11e6-abef-000c29c66e3d, date: 2007-03-21T00:00:00
db: BID, id: 23052, date: 2007-03-20T00:00:00
db: JVNDB, id: JVNDB-2007-001723, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200703-530, date: 2007-03-21T00:00:00
db: NVD, id: CVE-2007-1577, date: 2007-03-21T23:19:00