CVE-2014-10037
published 2015-01-13CVE-2014-10037: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to…
PriorityP355high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.39%
97.0th percentile
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| domphp | domphp | <= 0.83 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for HTTP GET requests targeting /photoalbum/index.php with a 'url' parameter containing directory traversal sequences (../) and a null byte (%00), which is the canonical exploit pattern for this CVE. ↗
- →A successful exploitation response will contain the /etc/passwd file content; match on the regex pattern 'root:.*:0:0:' in HTTP 200 responses to confirm exploitation. ↗
- →The exploit requires two query parameters: 'urlancien' (empty) and 'url' (containing the traversal payload). Alert on requests to photoalbum/index.php where the 'url' parameter contains '../' sequences. ↗
- ·The null byte (%00) appended to the traversal payload is a PHP null byte injection technique used to truncate file extensions. This technique is only effective on PHP versions prior to 5.3.4 where null byte handling in file paths was fixed. ↗
- ·Affected versions are DomPHP 0.83 and earlier. The vulnerability is in the 'url' parameter of the photoalbum module specifically. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
DomPHP 0.83 - Local Directory Traversal
exploitdb·2014-01-12
CVE-2014-10037 DomPHP 0.83 - Local Directory Traversal
DomPHP 0.83 - Local Directory Traversal
---
DomPHP <= v0.83 Local Directory Traversal Vulnerability
= Author : Houssamix
= Script : DomPHP <= v0.83
= Download : http://www.domphp.com/download/
= BUG : Local Directory Traversal Vulnerability
= Exploit :
http://[target]/photoalbum/index.php?urlancien=&url=[Directory]
Exemple :
http://target.com/photoalbum/index.php?urlancien=&url=../../
Nuclei
DomPHP 0.83 - Directory Traversal
nuclei·CVSS 7.5
CVE-2014-10037 [HIGH] DomPHP 0.83 - Directory Traversal
DomPHP 0.83 - Directory Traversal
A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
Template:
id: CVE-2014-10037
info:
name: DomPHP 0.83 - Directory Traversal
author: daffainfo
severity: high
description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
impact: |
An attacker can read, modify, or delete sensitive files on the server, potentially leading to unauthorized access or data leakage.
remediation: |
Upgrade to a patched version of DomPHP or apply the necessary security patches to fix the directory traversal vulnerability.
2015-01-13
Published