CVE-2007-5742

Wesnoth 1.2.x < 1.2.8 and 1.3.x < 1.3.12 - Path Traversal via WML Engine Preprocessor

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.

References (13)

Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/41713
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27920
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27943
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27786
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4026
Various Sources x_refsource_confirm
http://www.wesnoth.org/forum/viewtopic.php?t=18844
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38752
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26626
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2007/dsa-1421

Scores

EPSS 0.0284
EPSS Percentile 84.9%

Details

CWE
CWE-22
Status published
Products (50)
wesnoth/wesnoth 0.2.1
wesnoth/wesnoth 0.3
wesnoth/wesnoth 0.3.1
wesnoth/wesnoth 0.3.2
wesnoth/wesnoth 0.3.3
wesnoth/wesnoth 0.3.4
wesnoth/wesnoth 0.4
wesnoth/wesnoth 0.4.1
wesnoth/wesnoth 0.4.2
wesnoth/wesnoth 0.4.3
... and 40 more
Published Dec 01, 2007
Tracked Since Feb 18, 2026