CVE-2007-3326 - Vulnerability Details - OpenCVE

Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jelsoft	Vbulletin

Configuration 1 [-]

cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://securityreason.com/securityalert/2820
http://www.securityfocus.com/archive/1/471835/100/0/threaded
http://www.securityfocus.com/archive/1/471838/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/34956

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-06-21T18:00:00

Updated: 2024-08-07T14:14:12.885Z

Reserved: 2007-06-21T00:00:00

Link: CVE-2007-3326

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-06-21T18:30:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-3326

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-06-20T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20070620 New Include Redirect Bug XSS All vBulletin® v 3.x.x", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded"}, {"name": "vbulletin-index-directory-traversal(34956)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956"}, {"name": "20070620 New post Topic Hijacking XSS All vBulletin® v 3.x.x (2)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded"}, {"name": "2820", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2820"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3326", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20070620 New Include Redirect Bug XSS All vBulletin® v 3.x.x", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded"}, {"name": "vbulletin-index-directory-traversal(34956)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956"}, {"name": "20070620 New post Topic Hijacking XSS All vBulletin® v 3.x.x (2)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded"}, {"name": "2820", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2820"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:14:12.885Z"}, "title": "CVE Program Container", "references": [{"name": "20070620 New Include Redirect Bug XSS All vBulletin® v 3.x.x", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded"}, {"name": "vbulletin-index-directory-traversal(34956)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956"}, {"name": "20070620 New post Topic Hijacking XSS All vBulletin® v 3.x.x (2)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded"}, {"name": "2820", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2820"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3326", "datePublished": "2007-06-21T18:00:00", "dateReserved": "2007-06-21T00:00:00", "dateUpdated": "2024-08-07T14:14:12.885Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jelsoft:vbulletin:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D66CAB0A-2A0A-47EF-A328-C341CCC1BA76", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow remote attackers to redirect visitors to arbitrary local files via a .. (dot dot) in (1) the loc parameter to admincp/index.php and (2) the Hyperlink information URl field for post Topic in showthread.php, enabling cross-site scripting (XSS) and other attacks, a different vulnerability than CVE-2005-3025.2."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de escalado de directorio en el vBulletin 3.x.x permite a atacantes remotos redirigir a los visitantes a ficheros locales de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el (1) par\u00e1metro loc del admincp/index.php y (2) el campo URI de informaci\u00f3n de hiper-enlace para el post Topic en el showthread.php, habilitando secuencias de comandos en sitios cruzados (XSS) y otros ataques. Vulnerabilidad diferente a la CVE-2005-3025.2."}], "id": "CVE-2007-3326", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-06-21T18:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2820"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2820"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471835/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/471838/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34956"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}