CVE-2007-1232
Published 2007-03-03
Priority: P3 (40), medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 37.53% (98.3th percentile)
Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sqlite_manager | sqlite_manager | — | — |
Detection & IOCs (extracted from sources)
- Detect directory traversal sequences (e.g., '../') in the SQLiteManager_currentTheme cookie value.
- Look for a null byte (%00) appended to path traversal strings in the SQLiteManager_currentTheme cookie, used to truncate file extension checks.
- Monitor HTTP requests to SQLiteManager endpoints where the SQLiteManager_currentTheme cookie contains path traversal patterns targeting sensitive files such as /etc/passwd.
- The null byte (%00) terminator in the cookie payload may be URL-decoded before inspection; ensure detection logic handles both encoded (%00) and decoded (null byte) forms.
- Vulnerability is confirmed in SQLiteManager 1.2.0; other versions may also be affected and should be assessed.
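One way to implement the cookie checks listed above, as an added example (not code from SQLiteManager or from the sources this page indexes). It normalises the SQLiteManager_currentTheme value by repeated percent-decoding, so the encoded and decoded null-byte forms are treated alike, and then flags `..` path segments and null bytes. The function names, the three-round decode limit and the sample Cookie headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "SQLiteManager_currentTheme"  # cookie named in the advisory
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")  # a ".." path segment

def full_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %2e%2e, %252e and %00 are all normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def theme_cookie(cookie_header):
    """Return the raw theme cookie value from a Cookie header, or None."""
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name == COOKIE_NAME:
            return value
    return None

def inspect(cookie_header):
    """Return the list of findings for one Cookie header (empty = clean)."""
    raw = theme_cookie(cookie_header)
    if raw is None:
        return []
    value = full_decode(raw)
    findings = []
    if TRAVERSAL.search(value):
        findings.append("traversal")
    if "\x00" in value:  # covers %00 after decoding and a literal null byte
        findings.append("null-byte")
    return findings

# Constructed sample Cookie headers (not taken from real traffic).
SAMPLES = [
    "PHPSESSID=abc123; SQLiteManager_currentTheme=default",
    "SQLiteManager_currentTheme=../../../etc/passwd%00",
    "SQLiteManager_currentTheme=%2e%2e%2f%2e%2e%2fetc%2fpasswd\x00",
    "SQLiteManager_currentTheme=%252e%252e%252fetc%252fpasswd%2500",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(inspect(header), repr(header))
```

A theme name that merely contains two dots inside a word (for example `green..blue`) is not flagged, because the pattern requires `..` to be a whole path segment.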
- http://osvdb.org/33801
- http://secunia.com/advisories/24296
- http://securityreason.com/securityalert/2366
- http://www.securityfocus.com/archive/1/461304/100/0/threaded
- http://www.securityfocus.com/bid/22727
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32693