EDB-2415webappsphpVERIFICADO

exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

rgod9/22/2006

Ver en Exploit-DB Ver Fuente en GitLab

Análisis IAImpulsado por IA

Código del Exploit

Exploit code not available in database

Ver Fuente en GitLab

CVEs Relacionados (2)

CVE-2006-7080

NONE

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

3/2/2007

CVE-2006-7079

9.8CRITICAL

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

3/2/2007CWE-22, CWE-913