CVE-2007-3251 : Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and

Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.

Published 2007-06-18 10:30:00

Updated 2017-10-19 01:30:10

Source MITRE

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2007-3251

Probability of exploitation activity in the next 30 days: 0.73%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 80 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-3251

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

References for CVE-2007-3251

Products affected by CVE-2007-3251

E-vision » E-vision Cms
Versions up to, including, (<=) 2.02
cpe:2.3:a:e-vision:e-vision_cms:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2007-3251

Exploit prediction scoring system (EPSS) score for CVE-2007-3251

CVSS scores for CVE-2007-3251

References for CVE-2007-3251

Products affected by CVE-2007-3251