CVE-2007-3312 in CMSinfo

Summary

Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

06/21/2007

Disclosure

06/21/2007

Moderation

VulDB entry created

Entries

VDB-85797 (2)

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

8.8

EPSS

0.04136

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-3312
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3312
CVE Details	https://www.cvedetails.com/cve/CVE-2007-3312/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!