EDB-2415webappsphpVERIFIZIERT

exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

rgod9/22/2006

Auf Exploit-DB ansehen Quelle auf GitLab ansehen

KI-AnalyseKI-gestützt

Exploit-Code

Exploit code not available in database

Quelle auf GitLab ansehen

CVE-2006-7080

NONE

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

3/2/2007

CVE-2006-7079

9.8CRITICAL

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

3/2/2007CWE-22, CWE-913