CVE-2007-5927

HIGH

OpenBase < 10.0.5 - Authenticated Path Traversal via GlobalLog Stored Procedure

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26347
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27525

Scores

CVSS v3 8.1
EPSS 0.0397
EPSS Percentile 89.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (1)
openbase_international_ltd/openbase < 10.0.5
Published Nov 10, 2007
Tracked Since Feb 18, 2026