CVE-2007-5694

Properties

Published:
28.10.2007
Updated:
31.10.2007
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:S/C:C/I:N/A:N)
Product:
SiteBar: SiteBar

Vulnerability description

Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup: http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
BID: http://www.securityfocus.com/bid/26126