EDB-2415webappsphpVERIFIED

exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

rgod9/22/2006

View on Exploit-DB View Source on GitLab

AI AnalysisPowered by AI

Exploit Code

Exploit code not available in database

View Source on GitLab

Related CVEs (2)

CVE-2006-7080

NONE

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

3/2/2007

CVE-2006-7079

9.8CRITICAL

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

3/2/2007CWE-22, CWE-913