cbcvebase.
CVE-2014-10037
published 2015-01-13

CVE-2014-10037: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to…

PriorityP355high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
19.39%
97.0th percentile
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
domphpdomphp<= 0.83

Detection & IOCsextracted from sources · hover to see the quote

url/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00
path/photoalbum/index.php
  • Look for HTTP GET requests targeting /photoalbum/index.php with a 'url' parameter containing directory traversal sequences (../) and a null byte (%00), which is the canonical exploit pattern for this CVE.
  • A successful exploitation response will contain the /etc/passwd file content; match on the regex pattern 'root:.*:0:0:' in HTTP 200 responses to confirm exploitation.
  • The exploit requires two query parameters: 'urlancien' (empty) and 'url' (containing the traversal payload). Alert on requests to photoalbum/index.php where the 'url' parameter contains '../' sequences.
  • ·The null byte (%00) appended to the traversal payload is a PHP null byte injection technique used to truncate file extensions. This technique is only effective on PHP versions prior to 5.3.4 where null byte handling in file paths was fixed.
  • ·Affected versions are DomPHP 0.83 and earlier. The vulnerability is in the 'url' parameter of the photoalbum module specifically.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.