CVE-2007-5742
Wesnoth 1.2.x < 1.2.8 and 1.3.x < 1.3.12 - Path Traversal via WML Engine Preprocessor
Title source: llmDescription
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
References (13)
Core 13
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/41713
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27920
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html
Patch x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=557098
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27943
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27786
Patch x_refsource_confirm
http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289
Vendor Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4026
Various Sources x_refsource_confirm
http://www.wesnoth.org/forum/viewtopic.php?t=18844
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38752
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26626
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1421
Scores
EPSS
0.0284
EPSS Percentile
84.9%
Details
CWE
CWE-22
Status
published
Products (50)
wesnoth/wesnoth
0.2.1
wesnoth/wesnoth
0.3
wesnoth/wesnoth
0.3.1
wesnoth/wesnoth
0.3.2
wesnoth/wesnoth
0.3.3
wesnoth/wesnoth
0.3.4
wesnoth/wesnoth
0.4
wesnoth/wesnoth
0.4.1
wesnoth/wesnoth
0.4.2
wesnoth/wesnoth
0.4.3
... and 40 more
Published
Dec 01, 2007
Tracked Since
Feb 18, 2026