CVE-2010-1061
published 2010-03-23CVE-2010-1061: Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute…
PriorityP428medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.36%
68.2th percentile
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpkobo | short_url | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Phpkobo Short URL 1.01 common.inc.php LANG_CODE path traversal (BID-38731 / SA38968)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1061 [MEDIUM] Phpkobo Short URL 1.01 common.inc.php LANG_CODE path traversal (BID-38731 / SA38968)
A vulnerability marked as problematic has been reported in Phpkobo Short URL 1.01. The impacted element is an unknown function in the library codelib/cfg/common.inc.php. The manipulation of the argument LANG_CODE leads to path traversal.
This vulnerability is documented as CVE-2010-1061. The attack can be initiated remotely. There is not any exploit available.
GHSA
GHSA-6j8c-92pr-49vp: Multiple directory traversal vulnerabilities in Phpkobo Short URL 1
ghsa_unreviewed·2022-05-02
CVE-2010-1061 [MEDIUM] CWE-22 GHSA-6j8c-92pr-49vp: Multiple directory traversal vulnerabilities in Phpkobo Short URL 1
Multiple directory traversal vulnerabilities in Phpkobo Short URL 1.01, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) url/app/common.inc.php and (2) codelib/cfg/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.
2010-03-23
Published