Vulnerabilities > CVE-2007-1636 - Local File Include vulnerability in Roseonlinecms 3B1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | RoseOnlineCMS 3 beta2 (op) Local File Inclusion Exploit. CVE-2007-1636. Webapps exploit for php platform |
file | exploits/php/webapps/3548.pl |
id | EDB-ID:3548 |
last seen | 2016-01-31 |
modified | 2007-03-23 |
platform | php |
port | |
published | 2007-03-23 |
reporter | GoLd_M |
source | https://www.exploit-db.com/download/3548/ |
title | RoseOnlineCMS 3 beta2 op Local File Inclusion Exploit |
type | webapps |