cbcvebase.
CVE-2015-3648
published 2015-06-09

CVE-2015-3648: Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary…

PriorityP354high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
8.08%
94.1th percentile
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
montalaresourcespace<= 7.1.6513

Detection & IOCsextracted from sources · hover to see the quote

url/pages/setup.php?defaultlanguage=..%2f..%2f..%2f..%2f..%2fetc%2fpasswd
path/pages/setup.php
  • Look for GET requests to /pages/setup.php with a 'defaultlanguage' parameter containing dot-dot sequences (../ or URL-encoded %2f..%2f) indicating directory traversal / LFI attempts.
  • A successful exploitation response (HTTP 200) will contain the string matching 'root:.*:0:0:' in the body, indicating /etc/passwd was read and returned.
  • The canonical exploit payload uses five URL-encoded traversal steps: ..%2f..%2f..%2f..%2f..%2fetc%2fpasswd in the defaultlanguage parameter.
  • ·Vulnerability affects ResourceSpace versions prior to 7.2.6727 only; patched versions are not exploitable via this vector.
  • ·The vulnerability is unauthenticated (Au:N) and network-accessible (AV:N), meaning no credentials are required to exploit it remotely.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.