CVE-2007-3251

Properties

Published: 17.06.2007
Updated: 20.10.2017
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N)
Product: e-vision: e-vision_cms

Vulnerability description

Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.

References:

BID: http://www.securityfocus.com/bid/24398
VUPEN: http://www.vupen.com/english/advisories/2007/2123
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/34792
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/34794
EXPLOIT-DB: https://www.exploit-db.com/exploits/4054