CVE-2007-6508 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xecms	Xecms

Configuration 1 [-]

cpe:2.3:a:xecms:xecms:1.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/44555
http://securityreason.com/securityalert/3477
http://www.securityfocus.com/archive/1/485335/100/0/threaded
http://www.securityfocus.com/bid/26952
https://exchange.xforce.ibmcloud.com/vulnerabilities/39151
https://www.exploit-db.com/exploits/4758

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-21T19:00:00

Updated: 2024-08-07T16:11:05.798Z

Reserved: 2007-12-21T00:00:00

Link: CVE-2007-6508

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-21T19:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6508

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "44555", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/44555"}, {"name": "3477", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3477"}, {"name": "20071219 xeCMS 1.x.x Remote File Disclosure Vulnerability.", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/485335/100/0/threaded"}, {"name": "xecms-view-directory-traversal(39151)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39151"}, {"name": "4758", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4758"}, {"name": "26952", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26952"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6508", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "44555", "refsource": "OSVDB", "url": "http://osvdb.org/44555"}, {"name": "3477", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3477"}, {"name": "20071219 xeCMS 1.x.x Remote File Disclosure Vulnerability.", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/485335/100/0/threaded"}, {"name": "xecms-view-directory-traversal(39151)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39151"}, {"name": "4758", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4758"}, {"name": "26952", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26952"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:11:05.798Z"}, "title": "CVE Program Container", "references": [{"name": "44555", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/44555"}, {"name": "3477", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3477"}, {"name": "20071219 xeCMS 1.x.x Remote File Disclosure Vulnerability.", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/485335/100/0/threaded"}, {"name": "xecms-view-directory-traversal(39151)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39151"}, {"name": "4758", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4758"}, {"name": "26952", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26952"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6508", "datePublished": "2007-12-21T19:00:00", "dateReserved": "2007-12-21T00:00:00", "dateUpdated": "2024-08-07T16:11:05.798Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xecms:xecms:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2224BF93-389B-4757-89FC-C5B64392ACF6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in view.php in xeCMS 1.0 allows remote attackers to read arbitrary files via a ..%2F (dot dot slash) in the list parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en view.php en xeCMS 1.0 permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s de la secuencia ..%2F (punto punto barra) en el par\u00e1metro list."}], "id": "CVE-2007-6508", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-21T19:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/44555"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3477"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/485335/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26952"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39151"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4758"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3477"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/485335/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4758"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}