Vulnerabilities > CVE-2007-2960 - File-Upload vulnerability in Scallywag.Org Scallywag 20050425
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin_name parameter to template.php in (1) skin/dark/, (2) skin/gold/, or (3) skin/original/, a different vector than CVE-2007-2900. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |