Vulnerabilities > CVE-2007-0098 - Unspecified vulnerability in Verliadmin

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

verliadmin

exploit available

NVD

Published: 2007-01-05

Updated: 2024-11-21

Summary

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

Vulnerable Configurations

Part	Description	Count
Application	Verliadmin Verliadmin Verliadmin *	1

Exploit-Db

description	VerliAdmin <= 0.3 (language.php) Local File Inclusion Exploit. CVE-2007-0098. Webapps exploit for php platform
file	exploits/php/webapps/3075.pl
id	EDB-ID:3075
last seen	2016-01-31
modified	2007-01-03
platform	php
port
published	2007-01-03
reporter	Kw3[R]Ln
source	https://www.exploit-db.com/download/3075/
title	VerliAdmin <= 0.3 language.php Local File Inclusion Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References