← back
CVE-2007-6584

CVE-2007-6584

EPSS 8.6%
Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang parameter to pages/print/default/ops/news.php or (2) the theme_dir parameter to pages/download/default/ops/search.php; or the admin_theme_dir parameter to (3) download.php, (4) forum.php, or (5) news.php in admin/ops/reports/ops/. NOTE: it was later reported that 1.4.2 beta and earlier are also affected for vector 1.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/5434unverifiedcve_referencewww.exploit-db.com/exploits/4765unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/41280http://osvdb.org/41281http://osvdb.org/41282http://osvdb.org/41283http://osvdb.org/41284http://secunia.com/advisories/29810https://www.exploit-db.com/exploits/4765https://www.exploit-db.com/exploits/5434http://www.securityfocus.com/bid/28753