← back
CVE-2007-1040

CVE-2007-1040

EPSS 3.0%
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/3332unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/33225http://secunia.com/advisories/24177https://exchange.xforce.ibmcloud.com/vulnerabilities/32560https://www.exploit-db.com/exploits/3332http://www.securityfocus.com/bid/22609http://www.vupen.com/english/advisories/2007/0645