Vulnerability Description
Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the delfiles parameter.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| A-Shop | A-Shop | <= 0.70 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/26126Vendor Advisory
- http://www.securityfocus.com/bid/24971
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35483
- https://www.exploit-db.com/exploits/4198
- http://secunia.com/advisories/26126Vendor Advisory
- http://www.securityfocus.com/bid/24971
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35483
- https://www.exploit-db.com/exploits/4198
FAQ
What is CVE-2007-3936?
CVE-2007-3936 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Directory traversal vulnerability in admin/filebrowser.asp in A-shop 0.70 and earlier, and possibly 0.71, allows remote attackers to delete arbitrary files via unspecified filename references in the d...
How severe is CVE-2007-3936?
CVE-2007-3936 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3936?
Check the references section above for vendor advisories and patch information. Affected products include: A-Shop A-Shop.