QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5802

Published: Nov 3, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SREASON

third-party-advisory

x_refsource_SECUNIA

synergiser-index-file-include(38217)

vdb-entry

x_refsource_XF

http://www.inj3ct-it.org/exploit/syner.txt

x_refsource_MISC

synergiser-index-path-disclosure(38218)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_VUPEN

20071101 Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.