← back
CVE-2007-1076

CVE-2007-1076

EPSS 4.0%
Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/29626unverifiedexploitdbwww.exploit-db.com/exploits/29625unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://attrition.org/pipermail/vim/2007-February/001377.htmlhttp://osvdb.org/33373http://osvdb.org/33374http://secunia.com/advisories/24242https://exchange.xforce.ibmcloud.com/vulnerabilities/32628http://soft.zoneo.net/phpTrafficA/news.phphttp://www.bugtraq.ir/articles/file-inclusion/phpTrafficA-1.4.1-Local-File-Inclusion/1http://www.securityfocus.com/bid/22655http://www.vupen.com/english/advisories/2007/0709