Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2007-1742)

MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)

MySQL Improper Input Validation Vulnerability (CVE-2017-3256)

Artifactory Missing Authorization Vulnerability (CVE-2019-10323)

WordPress Plugin wp superb Slideshow 'upload.php' Arbitrary File Upload (2.2)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities