CVE-2007-6079
bcoos 1.0.10 - Local File Inclusion / SQL Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.
Vulnerabilidad de salto de directorio en include/common.php de bcoos 1.0.10 permite a atacantes remotos incluir y ejecutar ficheros locales de su elección mediante un .. (punto punto) en el parámetro xoopsOption[pagetype] para el URI por defecto de modules/news/. NOTA: esto puede ser aprovechado usando funcionalidad legítima del producto para enviar un archivo que contenga el código, y después incluyendo ese archivo.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-21 CVE Reserved
- 2007-11-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.vupen.com/english/advisories/2007/3962 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38592 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/4637 | 2024-08-07 | |
http://www.securityfocus.com/bid/26505 | 2024-08-07 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|