Vulnerability Description
Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via directory traversal sequences in unspecified parameters to (1) list.cgi or (2) list2.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cgi-Rescue | Shopping Basket Professional | <= 7.51 |
Related Weaknesses (CWE)
References
- http://jvn.jp/jp/JVN%2320452446/index.html
- http://osvdb.org/40146
- http://osvdb.org/40147
- http://secunia.com/advisories/26614Vendor Advisory
- http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803
- http://www.securityfocus.com/bid/25500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36389
- http://jvn.jp/jp/JVN%2320452446/index.html
- http://osvdb.org/40146
- http://osvdb.org/40147
- http://secunia.com/advisories/26614Vendor Advisory
- http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20070823212803
- http://www.securityfocus.com/bid/25500
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36389
FAQ
What is CVE-2007-4655?
CVE-2007-4655 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple directory traversal vulnerabilities in CGI RESCUE Shopping Basket Professional 7.51 and earlier allow remote attackers to list arbitrary directories, and possibly read arbitrary files, via di...
How severe is CVE-2007-4655?
CVE-2007-4655 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4655?
Check the references section above for vendor advisories and patch information. Affected products include: Cgi-Rescue Shopping Basket Professional.