Vulnerability Description
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbase International Ltd | Openbase | <= 10.0.5 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/27525Vendor Advisory
- http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txtExploit
- http://www.securityfocus.com/bid/26347Exploit
- http://secunia.com/advisories/27525Vendor Advisory
- http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txtExploit
- http://www.securityfocus.com/bid/26347Exploit
FAQ
What is CVE-2007-5927?
CVE-2007-5927 is a vulnerability with a CVSS score of 8.1 (HIGH). Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog sto...
How severe is CVE-2007-5927?
CVE-2007-5927 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5927?
Check the references section above for vendor advisories and patch information. Affected products include: Openbase International Ltd Openbase.