CVE-2007-5802
Published 2007-11-03
CVE-2007-5802: Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary…
Priority P338 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.92% (89.0th percentile)
Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a duplicate function declaration.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| firewolf_technologies | synergiser | <= 1.2_rc1 | — |
No detection rules found.
Exploit-DB
Synergiser 1.2 RC1 - Local File Inclusion / Full Path Disclosure
exploitdb·2007-11-02
---
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
Synergiser <= 1.2 RC1 Local File Inclusion & Full path disclosure
Download: http://sourceforge.net/project/downloading.php?group_id=169910&use_mirror=kent&filename=synergiser-1.13_final.tar.gz&53405269
#By KiNgOfThEwOrLd
Local File Inclusion PoC:
Synergiser cms allows to include a file by the GET variable "page". We can't
include a remote file, coz there is a filter..but we can include, by a
directory traversal, some important files...for example:
http://[target]/[synergiser_path]/index.php?page=../../../etc/passwd
Full Path Disclosure PoC:
So, w
Exploit-DB
Synergiser 1.2 - 'index.php' Local File Inclusion
exploitdb·2007-11-01
---
source: https://www.securityfocus.com/bid/26289/info
Synergiser is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.
Exploiting this issue may allow an unauthorized user to view files and execute local scripts.
Synergiser 1.2 RC1 is vulnerable to this issue; other versions may also be affected.
http://www.example.com/index.php?page=../../../../../../../../../../../etc/passwd
No writeups or analysis indexed.
http://osvdb.org/38371
http://secunia.com/advisories/27466
http://securityreason.com/securityalert/3335
http://www.inj3ct-it.org/exploit/syner.txt
http://www.securityfocus.com/archive/1/483099/100/0/threaded
http://www.securityfocus.com/bid/26289
http://www.vupen.com/english/advisories/2007/3745
https://exchange.xforce.ibmcloud.com/vulnerabilities/38217
https://exchange.xforce.ibmcloud.com/vulnerabilities/38218
Published: 2007-11-03