CVE-2007-0335
Published: 2007-01-18
Priority: P3, 37 | Severity: medium | CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.22% (86.6th percentile)
Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jax_scripts | jax_petition_book | — | — |
No detection rules found.
Exploit-DB
Jax Petition 3.06 Book - 'smileys.php?languagepack' Local File Inclusion
exploitdb·2007-01-15
---
source: https://www.securityfocus.com/bid/22072/info
Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to have local script code execute in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
These issues affect version 1.0.3.06; other versions may also be vulnerable.
http://www.example.com/smileys.php?language=../../example_file.xxx%00?
Exploit-DB
Jax Petition Book 3.06 - 'jax_petitionbook.php?languagepack' Local File Inclusion
exploitdb·2007-01-15
---
source: https://www.securityfocus.com/bid/22072/info
Jax Petitionbook is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker can exploit these vulnerabilities using directory-traversal strings to have local script code execute in the context of the application. This may allow the attacker to access sensitive information that may aid in further attacks.
These issues affect version 1.0.3.06; other versions may also be vulnerable.
http://www.example.com/jax_petitionbook.php?language=../../example_file.xxx%00?
No writeups or analysis indexed.
References
http://osvdb.org/32835
http://osvdb.org/32836
http://secunia.com/advisories/23784
http://securityreason.com/securityalert/2161
http://www.securityfocus.com/archive/1/456981/100/0/threaded
http://www.securityfocus.com/archive/1/456989/100/0/threaded
http://www.securityfocus.com/archive/1/457077/100/0/threaded
http://www.securityfocus.com/bid/22072
http://www.vupen.com/english/advisories/2007/0220
https://exchange.xforce.ibmcloud.com/vulnerabilities/31543