CVE-2010-1063
published 2010-03-23CVE-2010-1063: Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to…
PriorityP428medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.36%
68.2th percentile
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpkobo | free_real_estate_contact_form_script | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Phpkobo Free Real Estate Contact Form Script 1.09 common.inc.php LANG_CODE path traversal (BID-38731 / SA38967)
vuldb·2026-05-03·CVSS 6.8
CVE-2010-1063 [MEDIUM] Phpkobo Free Real Estate Contact Form Script 1.09 common.inc.php LANG_CODE path traversal (BID-38731 / SA38967)
A vulnerability classified as problematic has been found in Phpkobo Free Real Estate Contact Form Script 1.09. This impacts an unknown function in the library codelib/cfg/common.inc.php. This manipulation of the argument LANG_CODE causes path traversal.
This vulnerability appears as CVE-2010-1063. The attack may be initiated remotely. There is no available exploit.
GHSA
GHSA-mg83-2m6f-g7p3: Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1
ghsa_unreviewed·2022-05-02
CVE-2010-1063 [MEDIUM] CWE-22 GHSA-mg83-2m6f-g7p3: Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1
Multiple directory traversal vulnerabilities in Phpkobo Free Real Estate Contact Form 1.09, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the LANG_CODE parameter to (1) codelib/cfg/common.inc.php, (2) form/app/common.inc.php, and (3) staff/app/common.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2010-03-23
Published