CVE-2007-2304 - Vulnerability Details - OpenCVE

Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qdblog	Qdblog

Configuration 1 [-]

cpe:2.3:a:qdblog:qdblog:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.attrition.org/pipermail/vim/2007-April/001544.html
http://www.securityfocus.com/bid/23485
http://www.vupen.com/english/advisories/2007/1387
https://exchange.xforce.ibmcloud.com/vulnerabilities/33634
https://www.exploit-db.com/exploits/3729

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-26T21:00:00

Updated: 2024-08-07T13:33:28.276Z

Reserved: 2007-04-26T00:00:00

Link: CVE-2007-2304

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-04-26T21:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2304

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "qdblog-categories-file-include(33634)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33634"}, {"name": "ADV-2007-1387", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1387"}, {"name": "3729", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3729"}, {"name": "23485", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23485"}, {"name": "20070425 [true] Quick and Dirty Blog RFI", "tags": ["mailing-list", "x_refsource_VIM"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001544.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2304", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "qdblog-categories-file-include(33634)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33634"}, {"name": "ADV-2007-1387", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1387"}, {"name": "3729", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3729"}, {"name": "23485", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23485"}, {"name": "20070425 [true] Quick and Dirty Blog RFI", "refsource": "VIM", "url": "http://www.attrition.org/pipermail/vim/2007-April/001544.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:33:28.276Z"}, "title": "CVE Program Container", "references": [{"name": "qdblog-categories-file-include(33634)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33634"}, {"name": "ADV-2007-1387", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1387"}, {"name": "3729", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3729"}, {"name": "23485", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23485"}, {"name": "20070425 [true] Quick and Dirty Blog RFI", "tags": ["mailing-list", "x_refsource_VIM", "x_transferred"], "url": "http://www.attrition.org/pipermail/vim/2007-April/001544.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2304", "datePublished": "2007-04-26T21:00:00", "dateReserved": "2007-04-26T00:00:00", "dateUpdated": "2024-08-07T13:33:28.276Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qdblog:qdblog:*:*:*:*:*:*:*:*", "matchCriteriaId": "94FE4E17-DAC4-4381-A400-5BDC8DE8A791", "versionEndIncluding": "0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in Quick and Dirty Blog (QDBlog) 0.4, and possibly earlier, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to categories.php and other unspecified files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en Quick and Dirty Blog (QDBlog) 0.4, y posiblemente anteriores, permite a atacantes remotos incluir y ejecutar archivos locales de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro theme en categories.php y otros ficheros no especificados."}], "id": "CVE-2007-2304", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-26T21:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://www.attrition.org/pipermail/vim/2007-April/001544.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23485"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1387"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33634"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3729"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.attrition.org/pipermail/vim/2007-April/001544.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23485"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3729"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}