CVE-2007-1636 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Roseonlinecms	Roseonlinecms

Configuration 1 [-]

cpe:2.3:a:roseonlinecms:roseonlinecms:3_b1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/38601
http://www.securityfocus.com/bid/23108
http://www.vupen.com/english/advisories/2007/1094
https://exchange.xforce.ibmcloud.com/vulnerabilities/33185
https://www.exploit-db.com/exploits/3548

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-23T22:00:00

Updated: 2024-08-07T13:06:25.618Z

Reserved: 2007-03-23T00:00:00

Link: CVE-2007-1636

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-23T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1636

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-03-23T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-1094", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"name": "38601", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/38601"}, {"name": "3548", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3548"}, {"name": "roseonlinecms-index-file-include(33185)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"name": "23108", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/23108"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1636", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-1094", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"name": "38601", "refsource": "OSVDB", "url": "http://osvdb.org/38601"}, {"name": "3548", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3548"}, {"name": "roseonlinecms-index-file-include(33185)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"name": "23108", "refsource": "BID", "url": "http://www.securityfocus.com/bid/23108"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:06:25.618Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-1094", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"name": "38601", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/38601"}, {"name": "3548", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/3548"}, {"name": "roseonlinecms-index-file-include(33185)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"name": "23108", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/23108"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1636", "datePublished": "2007-03-23T22:00:00", "dateReserved": "2007-03-23T00:00:00", "dateUpdated": "2024-08-07T13:06:25.618Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:roseonlinecms:roseonlinecms:3_b1:*:*:*:*:*:*:*", "matchCriteriaId": "88ABC5B0-D6EA-447D-8FB8-1FE1588DA441", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header."}, {"lang": "es", "value": "La vulnerabilidad de salto de directorio en el archivo index.php en RoseOnlineCMS versi\u00f3n 3 B1, permite a atacantes remotos incluir archivos arbitrarios por medio de una secuencia .. (punto punto) en el par\u00e1metro op, como es demostrado mediante la inyecci\u00f3n de c\u00f3digo PHP en los archivos de registro de Apache por medio de la URL y el encabezado HTTP User-Agent."}], "id": "CVE-2007-1636", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-23T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/38601"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23108"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3548"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/38601"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/23108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1094"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33185"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/3548"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}