CVE-2007-2069
published 2007-04-18CVE-2007-2069: Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a…
PriorityP346high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
7.24%
93.6th percentile
Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openmairie | openannuaire | — | — |
| openmairie | opencatalogue | — | — |
| openmairie | opencominterne | — | — |
| openmairie | opencourrier | — | — |
| openmairie | opencourrier | — | — |
| openmairie | openfoncier | — | — |
| openmairie | openmairie | <= 1.11 | — |
| openmairie | openplanning | — | — |
| openmairie | openpresse | — | — |
| openmairie | openregistrecil | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-cc87-ccgm-46gj: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1935 [HIGH] CWE-22 GHSA-cc87-ccgm-46gj: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie Openpresse 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-3gqp-82mq-g26g: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1999 [HIGH] CWE-22 GHSA-3gqp-82mq-g26g: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in OpenMairie Opencatalogue 1.024, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-vxhf-wm7p-vvvm: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1920 [HIGH] CWE-22 GHSA-vxhf-wm7p-vvvm: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in OpenMairie openAnnuaire 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-f6vf-hwhh-9vjp: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1926 [HIGH] CWE-22 GHSA-f6vf-hwhh-9vjp: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie openCourrier 2.02 and 2.03 beta, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-rrv6-v26v-p7x6: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1936 [HIGH] CWE-22 GHSA-rrv6-v26v-p7x6: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie openComInterne 1.01, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-jp6x-8xrv-ww5p: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1947 [HIGH] CWE-22 GHSA-jp6x-8xrv-ww5p: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie Openregistrecil 1.02, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter. NOTE: this may be related to CVE-2007-2069.
GHSA
GHSA-qjw3-gg35-j8hf: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1928 [HIGH] CWE-22 GHSA-qjw3-gg35-j8hf: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie openPlanning 1.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-q3gh-x999-cq66: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2010-1948 [HIGH] CWE-22 GHSA-q3gh-x999-cq66: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie Openfoncier 2.00, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the dsn[phptype] parameter, a related issue to CVE-2007-2069.
GHSA
GHSA-f6w8-94r2-grg6: Directory traversal vulnerability in scr/soustab
ghsa_unreviewed·2022-05-01
CVE-2007-2069 [HIGH] GHSA-f6w8-94r2-grg6: Directory traversal vulnerability in scr/soustab
Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/37416http://www.securityfocus.com/bid/23505http://www.vupen.com/english/advisories/2007/1421https://exchange.xforce.ibmcloud.com/vulnerabilities/33700https://www.exploit-db.com/exploits/3747http://osvdb.org/37416http://www.securityfocus.com/bid/23505http://www.vupen.com/english/advisories/2007/1421https://exchange.xforce.ibmcloud.com/vulnerabilities/33700https://www.exploit-db.com/exploits/3747
2007-04-18
Published