QwikSec

Security Database

CVE

CWE

Training

CVE-2007-1842

Published: Apr 3, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in login.php in JSBoard before 2.0.12 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the table parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, a related issue to CVE-2006-2019.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://kldp.net/plugins/scmcvs/cvsweb.php/jsboard-2/login.php.diff?r1=1.8%3Br2=1.9%3Bcvsroot=jsboard

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_OSVDB

jsboard-login-file-include(33338)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.