QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-6604

Back to search

CVE-2007-6604

Published: Dec 31, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.

VendorProductVersions

n/a

n/a

affected
n/a

References

4802
exploit
x_refsource_EXPLOIT-DB
27060
vdb-entry
x_refsource_BID
xcms-index-file-include(39281)
vdb-entry
x_refsource_XF
28256
third-party-advisory
x_refsource_SECUNIA
40276
vdb-entry
x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now