CVE-2007-1232
published 2007-03-03

Priority: P3 · 40
CVSS 2.0: 5.1 (medium), vector AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 37.53% (98.3rd percentile)

Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie.

Affected

1 range
Vendor | Product | Version range | Fixed in
sqlite_manager | sqlite_manager | |

Detection & IOCs (extracted from sources)

cookie: SQLiteManager_currentTheme=../../../../../../../../../../../../../etc/passwd%00
  • Detect directory traversal sequences (e.g., '../') in the SQLiteManager_currentTheme cookie value
  • Look for null byte (%00) appended to path traversal strings in the SQLiteManager_currentTheme cookie, used to truncate file extension checks
  • Monitor HTTP requests to SQLiteManager endpoints where the SQLiteManager_currentTheme cookie contains path traversal patterns targeting sensitive files such as /etc/passwd
  • The null byte (%00) terminator in the cookie payload may be URL-decoded before inspection; ensure detection logic handles both encoded (%00) and decoded (null byte) forms
  • Vulnerability is confirmed in SQLiteManager 1.2.0; other versions may also be affected and should be assessed
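
One way to implement the cookie checks listed above, as an added example (not code from the advisory or from SQLiteManager). The function names, the bounded repeated decoding (which goes slightly beyond the page by also covering multiply-encoded values), and the sample headers are constructed for illustration; the first sample reuses the cookie value quoted on this page.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "SQLiteManager_currentTheme"
# ".." as a whole path segment, delimited by "/" or "\" or the string boundary
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def theme_cookie(cookie_header):
    """Return the raw value of the theme cookie, or None if it is absent."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == COOKIE_NAME:
            return value
    return None

def inspect_cookie(cookie_header, max_decode_rounds=3):
    """Return a set of findings ('traversal', 'null_byte') for one Cookie header.

    The value is checked as received and again after each round of
    percent-decoding, so %00 and a literal NUL byte are both caught.
    """
    findings = set()
    value = theme_cookie(cookie_header)
    if value is None:
        return findings
    for _ in range(max_decode_rounds + 1):
        if TRAVERSAL.search(value):
            findings.add("traversal")
        if "\x00" in value:
            findings.add("null_byte")
        decoded = unquote(value, encoding="latin-1")
        if decoded == value:  # nothing left to decode
            break
        value = decoded
    return findings

# Constructed sample Cookie headers (not taken from real traffic)
SAMPLES = [
    "SQLiteManager_currentTheme=../../../../../../../../../../../../../etc/passwd%00",
    "PHPSESSID=abc123; SQLiteManager_currentTheme=../../etc/passwd\x00",
    "SQLiteManager_currentTheme=%252e%252e%252fetc%252fpasswd%2500",
    "PHPSESSID=abc123; SQLiteManager_currentTheme=default",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(sorted(inspect_cookie(header)), repr(header))
```
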