CVE-2006-5786

Properties

Published:
06.11.2006
Updated:
26.02.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
e107: e107

Vulnerability description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via".."sequences in the e107language_e107cookie cookie to gsitemap.php.

References:

Milw0rm: http://www.milw0rm.com/exploits/2711
BID: http://www.securityfocus.com/bid/20913
XF: http://xforce.iss.net/xforce/xfdb/30030
MILW0RM: http://milw0rm.com/exploits/2711