Vulnerability Details : CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.
Products affected by CVE-2007-0607
- cpe:2.3:a:w-agora:w-agora:4.2.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0607
1.17%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 85 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0607
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2007-0607
-
http://www.securityfocus.com/archive/1/463215/100/0/threaded
-
http://www.netvigilance.com/advisory0015
Exploit;Vendor Advisory
-
http://securityreason.com/securityalert/2465
-
http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/33073
Jump to