Vulnerability CVE-2006-7117


Published: 2007-03-05   Modified: 2012-02-12

Description:
Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
Kubix -> Kubix

References:
http://xforce.iss.net/xforce/xfdb/30572
http://xforce.iss.net/xforce/xfdb/30570
http://www.securityfocus.com/bid/21352
http://www.milw0rm.com/exploits/2863

Copyright 2024, cxsecurity.com

 
