CVE-2007-4723

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

Vulnerabilidad de salto de directorio en Ragnarok Online Control Panel 4.3.4a, cuando se utiliza Apache HTTP Server, permite a atacantes remotos evitar la autenticación mediante secuencias de salto de directorio en un URI que termina con el nombre de una página públicamente disponible, como ha sido demostrado por la secuencia "/...../" y un componente final account_manage.php/login.php para acceder a la página protegida account_manage.php.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-09-05 CVE Reserved
2007-09-05 CVE Published
2024-06-01 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (3)

URL	Tag	Source
http://osvdb.org/45879	Broken Link
http://securityreason.com/securityalert/3100	Third Party Advisory
http://www.securityfocus.com/archive/1/478263/100/0/threaded	Mailing List

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ragnarok Online Control Panel Project Search vendor "Ragnarok Online Control Panel Project"	Ragnarok Online Control Panel Search vendor "Ragnarok Online Control Panel Project" for product "Ragnarok Online Control Panel"	4.3.4a Search vendor "Ragnarok Online Control Panel Project" for product "Ragnarok Online Control Panel" and version "4.3.4a"	-	Affected	in	Apache Search vendor "Apache"	Http Server Search vendor "Apache" for product "Http Server"	*	-	Safe