CVE-2007-5927
HIGHOpenBase < 10.0.5 - Authenticated Path Traversal via GlobalLog Stored Procedure
Title source: llmDescription
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26347
Exploit x_refsource_misc
http://www.netragard.com/pdfs/research/NETRAGARD-20070313-OPENBASE.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27525
Scores
CVSS v3
8.1
EPSS
0.0397
EPSS Percentile
89.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-22
Status
published
Products (1)
openbase_international_ltd/openbase
< 10.0.5
Published
Nov 10, 2007
Tracked Since
Feb 18, 2026