Vulnerability Description
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ragnarok Online Control Panel Project | Ragnarok Online Control Panel | 4.3.4a |
| Apache | Http Server | All versions |
Related Weaknesses (CWE)
References
- http://osvdb.org/45879Broken Link
- http://securityreason.com/securityalert/3100Third Party Advisory
- http://www.securityfocus.com/archive/1/478263/100/0/threadedThird Party AdvisoryVDB Entry
- http://osvdb.org/45879Broken Link
- http://securityreason.com/securityalert/3100Third Party Advisory
- http://www.securityfocus.com/archive/1/478263/100/0/threadedThird Party AdvisoryVDB Entry
FAQ
What is CVE-2007-4723?
CVE-2007-4723 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a ...
How severe is CVE-2007-4723?
CVE-2007-4723 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4723?
Check the references section above for vendor advisories and patch information. Affected products include: Ragnarok Online Control Panel Project Ragnarok Online Control Panel, Apache Http Server.