CVE-2007-3942
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.1.3 allows remote attackers to include local files via unspecified vectors related to the sourcedir parameter or the actionArray hash. NOTE: CVE and multiple third parties dispute this vulnerability because both sourcedir and actionArray are defined before use
** IMPUGNADO ** Vulnerabilidad de salto de directorio en index.php de Simple Machines Forum (SMF) 1.1.3 permite a atacantes remotos incluir ficheros locales mediante vectores no especificados relativos al parámetro sourcedir o la tabla hash actionArray.
NOTA: CVE y múltiples terceras partes impugnan esta vulnerabilidad porque ambos sourcedir y actionArray se definen antes de ser usados.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-07-20 CVE Reserved
- 2007-07-21 CVE Published
- 2024-05-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/473866/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/473991/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/480572/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35451 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Simple Machines Search vendor "Simple Machines" | Simple Machines Forum Search vendor "Simple Machines" for product "Simple Machines Forum" | 1.1.3 Search vendor "Simple Machines" for product "Simple Machines Forum" and version "1.1.3" | - |
Affected
| ||||||