Lucene search

PRIOn knowledge basePRION:CVE-2007-0205

HistoryJan 11, 2007 - 10:28 p.m.

Directory traversal

2007-01-1122:28:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.032 Low

EPSS

Percentile

91.2%

JSON

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via “…” sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

CPENameOperatorVersion
alex_guestbookeq4.0.1
alex_guestbookeq3.12
alex_guestbookeq4.0.2
alex_guestbookeq3.13

Name	Operator	Version
alex_guestbook	eq	4.0.1
alex_guestbook	eq	3.12
alex_guestbook	eq	4.0.2
alex_guestbook	eq	3.13

References

acid-root.new.fr/poc/20070107.txt

osvdb.org/31708

osvdb.org/31709

securityreason.com/securityalert/2135

www.securityfocus.com/archive/1/456218/100/0/threaded

www.securityfocus.com/bid/21926

exchange.xforce.ibmcloud.com/vulnerabilities/31397

www.exploit-db.com/exploits/3103