PT-2007-5879 · Gravity Interactive · Ragnarok Online Control Panel

Published: 2007-09-05 · Updated: 2025-03-22 · CVE-2007-4723

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Ragnarok Online Control Panel version 4.3.4a
Description: A directory traversal issue allows remote attackers to bypass authentication by using directory traversal sequences in a URI that ends with the name of a publicly available page. This can be achieved with a sequence such as "/...../" and accessing a page like "account manage.php/login.php" to reach protected pages like "account manage.php".
Recommendations: For Ragnarok Online Control Panel version 4.3.4a, consider restricting access to sensitive pages like "account manage.php" until a patch is available. As a temporary workaround, limit the use of directory traversal sequences in URIs to minimize the risk of exploitation.
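The bypass described above and the URI-filtering workaround, modeled as an added example (not the vendor's code). It assumes the access check trusts only the last URI component while the server runs the first `.php` segment; `protected.php` is a hypothetical stand-in for a protected page, and all sample paths are constructed.

```python
from urllib.parse import unquote, urlsplit

PUBLIC_PAGES = {"login.php"}  # public page name taken from the advisory

# Constructed request paths; "protected.php" is a hypothetical protected page.
SAMPLES = [
    "/login.php",
    "/protected.php",
    "/protected.php/login.php",
    "/...../protected.php/login.php",
    "/%2e%2e/protected.php/login.php",
]

def segments(uri):
    """Percent-decode the path and split it into non-empty segments."""
    path = unquote(urlsplit(uri).path)
    return [s for s in path.split("/") if s]

def naive_is_public(uri):
    """Flawed check (assumed): trusts only the final component of the URI."""
    segs = segments(uri)
    return bool(segs) and segs[-1] in PUBLIC_PAGES

def resolved_script(uri):
    """First *.php segment: the script assumed to run when trailing path info is accepted."""
    for seg in segments(uri):
        if seg.lower().endswith(".php"):
            return seg
    return None

def hardened_decision(uri):
    """Return 'reject', 'public' or 'auth-required' for a request path."""
    segs = segments(uri)
    # Workaround: refuse dot-only segments such as "/...../" or an encoded "..".
    if any(s.strip(".") == "" for s in segs):
        return "reject"
    script = resolved_script(uri)
    # Refuse anything after the script name, so a public name cannot be appended.
    if script is None or segs.index(script) != len(segs) - 1:
        return "reject"
    # Decide on the script that will actually run, not on the URI's tail.
    return "public" if script in PUBLIC_PAGES else "auth-required"

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:40} naive_public={naive_is_public(uri)!s:5} "
              f"runs={resolved_script(uri)} hardened={hardened_decision(uri)}")
```

The naive check and the resolved script disagree on the third and fourth samples, which is the mismatch the description relies on; the hardened decision rejects both.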

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2007-4723

Affected Products

Ragnarok Online Control Panel