CVE-2007-4723
Last modified
CVE-2007-4723 is a vulnerability of currently unknown severity. Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. EPSS estimates a 5.83% chance of exploitation in the next 30 days.
Description
Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ragnarok Online Control Panel Project | Ragnarok Online Control Panel | 4.3.4a |
References
- http://osvdb.org/45879 (Broken Link)
- http://securityreason.com/securityalert/3100 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/478263/100/0/threaded (Third Party Advisory, VDB Entry)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
