CVE-2007-2633 - Vulnerability Details - OpenCVE

Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Positive Software	Sitestudio

Configuration 1 [-]

cpe:2.3:a:positive_software:sitestudio:1.6:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/35977
http://secunia.com/advisories/25243
http://www.psoft.net/SS/fixes/index.php?id=94
http://www.vupen.com/english/advisories/2007/1772
https://exchange.xforce.ibmcloud.com/vulnerabilities/34243

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-13T23:00:00

Updated: 2024-08-07T13:42:33.446Z

Reserved: 2007-05-13T00:00:00

Link: CVE-2007-2633

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-05-13T23:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-2633

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-11T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "hsphere-template-directory-traversal(34243)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34243"}, {"name": "ADV-2007-1772", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1772"}, {"name": "25243", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25243"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.psoft.net/SS/fixes/index.php?id=94"}, {"name": "35977", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35977"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2633", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "hsphere-template-directory-traversal(34243)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34243"}, {"name": "ADV-2007-1772", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1772"}, {"name": "25243", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25243"}, {"name": "http://www.psoft.net/SS/fixes/index.php?id=94", "refsource": "CONFIRM", "url": "http://www.psoft.net/SS/fixes/index.php?id=94"}, {"name": "35977", "refsource": "OSVDB", "url": "http://osvdb.org/35977"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:42:33.446Z"}, "title": "CVE Program Container", "references": [{"name": "hsphere-template-directory-traversal(34243)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34243"}, {"name": "ADV-2007-1772", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/1772"}, {"name": "25243", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25243"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.psoft.net/SS/fixes/index.php?id=94"}, {"name": "35977", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/35977"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2633", "datePublished": "2007-05-13T23:00:00", "dateReserved": "2007-05-13T00:00:00", "dateUpdated": "2024-08-07T13:42:33.446Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:positive_software:sitestudio:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "19266BBF-B4AC-40ED-92CD-2954DBD03DBA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en H-Sphere SiteStudio 1.6 permite a atacantes remotos leer, o incluir y ejecutar, archivos locales de su elecci\u00f3n a trav\u00e9s de la secuencia ..(punto punto) en el par\u00e1metro template."}], "id": "CVE-2007-2633", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-13T23:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/35977"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25243"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.psoft.net/SS/fixes/index.php?id=94"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1772"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/35977"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.psoft.net/SS/fixes/index.php?id=94"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/1772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34243"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}