CVE-2010-1057
Published 2010-03-23
Priority: P333, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Exploit available
EPSS: 2.44% (82.3th percentile)
Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a ..// (dot dot slash slash) in the LANG_CODE parameter to common.inc.php in (1) codelib/cfg/, (2) codelib/sys/, (3) staff/, and (4) staff/app/; and (5) staff/file.php. NOTE: some of these details are obtained from third party information.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpkobo | adfreely | — | — |
VulDB
Phpkobo AdFreely 1.01 staff/file.php LANG_CODE path traversal (EDB-11722 / XFDB-56865)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1057 [MEDIUM] Phpkobo AdFreely 1.01 staff/file.php LANG_CODE path traversal (EDB-11722 / XFDB-56865)
A vulnerability was found in Phpkobo AdFreely 1.01. It has been rated as problematic. This vulnerability affects unknown code of the file staff/file.php. This manipulation of the argument LANG_CODE causes path traversal.
This vulnerability is tracked as CVE-2010-1057. The attack is possible to be carried out remotely. Moreover, an exploit is present.
GHSA
GHSA-9g72-7ff3-wfq3: Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1
ghsa_unreviewed·2022-05-02
CVE-2010-1057 [MEDIUM] CWE-22 GHSA-9g72-7ff3-wfq3: Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka Ad Board Script) 1
References
http://osvdb.org/62926
http://secunia.com/advisories/38947
http://www.exploit-db.com/exploits/11722
http://www.securityfocus.com/bid/38731
http://www.vupen.com/english/advisories/2010/0611
https://exchange.xforce.ibmcloud.com/vulnerabilities/56858
https://exchange.xforce.ibmcloud.com/vulnerabilities/56865