← back
CVE-2007-1524

CVE-2007-1524

EPSS 3.2%
Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into an Apache HTTP Server log file, which can then be included via themes/default/.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/3476/unverifiedexploitdbwww.exploit-db.com/exploits/3476unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/24520https://exchange.xforce.ibmcloud.com/vulnerabilities/32982https://www.exploit-db.com/exploits/3476/http://www.securityfocus.com/bid/22157http://www.vupen.com/english/advisories/2007/0966