CVE-2010-1062

EPSS 1.9%

Directory traversal vulnerability in codelib/sys/common.inc.php in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the LANG_CODE parameter. NOTE: some of these details are obtained from third party information.

Affected products

n/a · n/a

public PoCs found — 3

cve_referencepacketstormsecurity.org/1003-exploits/frecf-lfi.txtunverified cve_referencewww.exploit-db.com/exploits/11773unverified exploitdbwww.exploit-db.com/exploits/11773unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.org/1003-exploits/frecf-lfi.txt http://secunia.com/advisories/38967 http://www.exploit-db.com/exploits/11773 http://www.securityfocus.com/bid/38731