EDB-2415webappsphp검증됨

exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

rgod9/22/2006

Exploit-DB에서 보기 GitLab에서 소스 보기

AI 분석AI 기반

익스플로잇 코드

Exploit code not available in database

GitLab에서 소스 보기

CVE-2006-7080

NONE

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

3/2/2007

CVE-2006-7079

9.8CRITICAL

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

3/2/2007CWE-22, CWE-913