EDB-2415webappsphp已验证

exV2 < 2.0.4.3 - 'extract()' Remote Command Execution

rgod9/22/2006

在Exploit-DB查看在GitLab查看源代码

AI分析AI驱动

漏洞利用代码

Exploit code not available in database

在GitLab查看源代码

CVE-2006-7080

NONE

Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.

3/2/2007

CVE-2006-7079

9.8CRITICAL

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute ...

3/2/2007CWE-22, CWE-913