← back
CVE-2007-1636

CVE-2007-1636

EPSS 2.9%
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/3548unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/38601https://exchange.xforce.ibmcloud.com/vulnerabilities/33185https://www.exploit-db.com/exploits/3548http://www.securityfocus.com/bid/23108http://www.vupen.com/english/advisories/2007/1094