Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

WordPress Plugin WP Custom Admin Login Page Logo Unspecified Vulnerability (1.4.1)

ZenCart Improper Input Validation Vulnerability (CVE-2009-4321)

WordPress Plugin Game Server Status Multiple Vulnerabilities (1.0)

WordPress Plugin MoodThingy Mood Rating Widget 'postID' Parameter Blind SQL Injection (0.8.7)

WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities