QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-6584

Back to search

CVE-2007-6584

Published: Dec 28, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.

VendorProductVersions

n/a

n/a

affected
n/a

References

5434
exploit
x_refsource_EXPLOIT-DB
4765
exploit
x_refsource_EXPLOIT-DB
41280
vdb-entry
x_refsource_OSVDB
41283
vdb-entry
x_refsource_OSVDB
41281
vdb-entry
x_refsource_OSVDB
29810
third-party-advisory
x_refsource_SECUNIA
41282
vdb-entry
x_refsource_OSVDB
41284
vdb-entry
x_refsource_OSVDB
28753
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now