Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2021-4104)

WordPress Plugin Spiffy Calendar Cross-Site Scripting (3.2.0)

WordPress Plugin School Management System-WPSchoolPress Multiple Cross-Site Scripting Vulnerabilities (2.1.16)

WordPress Plugin Async JavaScript Security Bypass (2.19.07.14)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.18)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities