Published: 03/04/2007 Updated: 29/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Directory traversal vulnerability in 404.php in Drake CMS allows remote malicious users to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."

Vulnerable Product	Search on Vulmon	Subscribe to Product
drake team drake cms 0.3.7
drake team drake cms 0.3.7_beta

source: wwwsecurityfocuscom/bid/23215/info Drake CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input Exploiting this issue may allow an unauthorized user to view files and execute local scripts Version 037 Beta is vulnerable; other versions may also be affected wwwe ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/464272 http://www.securityfocus.com/bid/23215 https://exchange.xforce.ibmcloud.com/vulnerabilities/33331 https://nvd.nist.gov https://www.exploit-db.com/exploits/29805/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1849

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect