Vulnerabilities > CVE-2006-7079 - Improper Control of Dynamically-Managed Code Resources vulnerability in Exv2 Content Management System

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
exv2
CWE-913
critical
exploit available

Summary

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.

Vulnerable Configurations

Part Description Count
Application
Exv2
1

Exploit-Db

descriptionexV2. CVE-2006-7079,CVE-2006-7080. Webapps exploit for php platform
fileexploits/php/webapps/2415.php
idEDB-ID:2415
last seen2016-01-31
modified2006-09-22
platformphp
port
published2006-09-22
reporterrgod
sourcehttps://www.exploit-db.com/download/2415/
titleexV2 <= 2.0.4.3 - extract Remote Command Execution Exploit
typewebapps