CVE-2007-0609
Published 2007-05-09
Priority: P337
Severity: medium (5.1, CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 7.51% (93.7th percentile)
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extension, as demonstrated via a request to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced_guestbook | advanced_guestbook | — | — |
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/25153
http://securityreason.com/securityalert/2662
http://www.netvigilance.com/advisory0012
http://www.netvigilance.com/advisory0013
http://www.securityfocus.com/archive/1/467937/100/0/threaded
http://www.securityfocus.com/archive/1/467941/100/0/threaded
http://www.securityfocus.com/bid/23876
http://www.vupen.com/english/advisories/2007/1726
https://exchange.xforce.ibmcloud.com/vulnerabilities/34152