Vulnerabilities > CVE-2007-1127 - Local File Include vulnerability in Watersweb Shops Shop KIT Plus Initial
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Shop Kit Plus StyleCSS.PHP Local File Include Vulnerability. CVE-2007-1127. Webapps exploit for php platform |
| id | EDB-ID:29640 |
| last seen | 2016-02-03 |
| modified | 2007-02-23 |
| published | 2007-02-23 |
| reporter | laurent gaffie |
| source | https://www.exploit-db.com/download/29640/ |
| title | Shop Kit Plus StyleCSS.PHP Local File Include Vulnerability |
References
- http://osvdb.org/33755
- http://secunia.com/advisories/24279
- http://securityreason.com/securityalert/2295
- http://www.securityfocus.com/archive/1/461071/100/0/threaded
- http://www.securityfocus.com/bid/22697
- http://www.vupen.com/english/advisories/2007/0747
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32660