CVE-2007-1149 - Vulnerability Details - OpenCVE

Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lovecms	Lovecms

Configuration 1 [-]

cpe:2.3:a:lovecms:lovecms:1.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/33517
http://osvdb.org/33518
http://securityreason.com/securityalert/2338
http://www.securityfocus.com/archive/1/460917/100/0/threaded
http://www.securityfocus.com/bid/22675
http://www.vupen.com/english/advisories/2007/0716

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-27T18:00:00

Updated: 2024-08-07T12:43:22.584Z

Reserved: 2007-02-27T00:00:00

Link: CVE-2007-1149

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-02T21:18:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1149

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-22T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "2338", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2338"}, {"name": "33517", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33517"}, {"name": "33518", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/33518"}, {"name": "22675", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22675"}, {"name": "ADV-2007-0716", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0716"}, {"name": "20070222 LoveCMS 1.4 multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/460917/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "2338", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2338"}, {"name": "33517", "refsource": "OSVDB", "url": "http://osvdb.org/33517"}, {"name": "33518", "refsource": "OSVDB", "url": "http://osvdb.org/33518"}, {"name": "22675", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22675"}, {"name": "ADV-2007-0716", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0716"}, {"name": "20070222 LoveCMS 1.4 multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/460917/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:43:22.584Z"}, "title": "CVE Program Container", "references": [{"name": "2338", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2338"}, {"name": "33517", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33517"}, {"name": "33518", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/33518"}, {"name": "22675", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22675"}, {"name": "ADV-2007-0716", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0716"}, {"name": "20070222 LoveCMS 1.4 multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/460917/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1149", "datePublished": "2007-02-27T18:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T12:43:22.584Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lovecms:lovecms:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "FF7D3B93-F8D3-4154-A33A-213ECF68B12D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de escalado de directorio en el LoveCMS 1.4 permiten a atacantes remotos leer ficheros de su elecci\u00f3n mediante .. (punto punto) en el par\u00e1metro step del install/index.php o (2) el par\u00e1metro load en la URI de nivel superior (top-level)."}], "id": "CVE-2007-1149", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/33517"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/33518"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2338"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/460917/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22675"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33518"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2338"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/460917/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/22675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0716"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}