Vulnerabilities > CVE-2007-1930 - Information Disclosure vulnerability in Cattadoc 2.21/3.0

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cattadoc

exploit available

NVD

Published: 2007-04-10

Updated: 2017-10-11

Summary

Directory traversal vulnerability in download2.php in cattaDoc 2.21, and possibly other versions including 3.0, allows remote attackers to read arbitrary files via a .. (dot dot) in the fn1 parameter.

Vulnerable Configurations

Part	Description	Count
Application	Cattadoc Cattadoc Cattadoc 2.21 Cattadoc Cattadoc 3.0	2

Exploit-Db

description	cattaDoc 2.21 (download2.php fn1) Remote File Disclosure Vulnerability. CVE-2007-1930. Webapps exploit for php platform
file	exploits/php/webapps/3677.txt
id	EDB-ID:3677
last seen	2016-01-31
modified	2007-04-06
platform	php
port
published	2007-04-06
reporter	GoLd_M
source	https://www.exploit-db.com/download/3677/
title	cattaDoc 2.21 download2.php fn1 Remote File Disclosure Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References