Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6376 — Path Traversal in Burzi Php-nuke

CWE-22 — Path Traversal4 documents4 sources

Severity

7.5HIGHNVD

CNA2.1

EPSS

0.0%

top 93.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 15

Latest updateMay 1

Description

Directory traversal vulnerability in autohtml.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the filename parameter, a different vector than CVE-2006-4190. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke8.0_final

🔴Vulnerability Details

GHSA

GHSA-v5fg-m2vg-r2jx: Directory traversal vulnerability in autohtml↗2022-05-01

▶

CVEList

CVE-2007-6376: Directory traversal vulnerability in autohtml↗2007-12-15

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 8.0 - 'autohtml.php' Local File Inclusion↗2007-11-10

▶