CVE-2007-5491

SiteBar 3.3.8 - Authenticated Path Traversal via Translation Module Lang Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.

References (8)

Core 8
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27503
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=195810
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200711-05.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26126
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28008
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1423
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3768

Scores

EPSS 0.0234
EPSS Percentile 81.6%

Details

CWE
CWE-22
Status published
Products (1)
sitebar/sitebar 3.3.8
Published Oct 17, 2007
Tracked Since Feb 18, 2026