Description
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
References
- https://nvd.nist.gov/vuln/detail/CVE-2007-0609
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34152
- http://secunia.com/advisories/25153
- http://securityreason.com/securityalert/2662
- http://www.netvigilance.com/advisory0012
- http://www.netvigilance.com/advisory0013
- http://www.securityfocus.com/archive/1/467937/100/0/threaded
- http://www.securityfocus.com/archive/1/467941/100/0/threaded
- http://www.securityfocus.com/bid/23876
- http://www.vupen.com/english/advisories/2007/1726