Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

WordPress Plugin All-in-One WP Migration Security Bypass (7.14)

WordPress Plugin PowerPress Podcasting by Blubrry Unspecified Vulnerability (8.6.1)

WordPress Plugin MP3-jPlayer Local File Disclosure (2.3)

Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-5674)

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2013-6501)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities