exploitDog

CVE-2006-7117

Опубликовано: 06 мар. 2007

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kubix:kubix:*:*:*:*:*:*:*:*

Версия до 0.7 (включая)

EPSS

Процентиль: 89%

0.04702

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-4jww-mhxc-7mmm

github

почти 4 года назад

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

EPSS

Процентиль: 89%

0.04702

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-22