Description

Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php.

Remediation

References

CVE-2006-5786

Related Vulnerabilities

WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)

WordPress Plugin Responsive Slider-Image Slider-Slideshow for WordPress SQL Injection (2.6.8)

PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3436)

Joomla! Core 3.x.x Cross-Site Request Forgery (3.7.0 - 3.9.18)

WordPress Plugin WP-UserOnline Cross-Site Scripting (2.88.0)

Severity

High

Classification

CVE-2006-5786

Tags

Missing Update Known Vulnerabilities