Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

MySQL CVE-2018-3283 Vulnerability (CVE-2018-3283)

PrestaShop Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-25170)

WordPress Plugin Banner Effect Header Cross-Site Request Forgery (1.2.6)

e107 Other Vulnerability (CVE-2006-4548)

WordPress Plugin Gutenberg & Elementor Templates Importer For Responsive Security Bypass (2.2.5)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities