Vulnerabilities > CVE-2007-1906 - Local File Include vulnerability in eCardMAX HotEditor
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in richedit/keyboard.php in eCardMAX HotEditor (Hot Editor) 4.0, and the HotEditor plugin for MyBB, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the first parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Exploit-Db
| description | eCardMAX HotEditor 4.0 Keyboard.PHP Local File Include Vulnerability. CVE-2007-1906 . Webapps exploit for php platform |
| id | EDB-ID:29827 |
| last seen | 2016-02-03 |
| modified | 2007-04-09 |
| published | 2007-04-09 |
| reporter | Liz0ziM |
| source | https://www.exploit-db.com/download/29827/ |
| title | eCardMAX HotEditor 4.0 Keyboard.PHP Local File Include Vulnerability |
References
- http://osvdb.org/34776
- http://secunia.com/advisories/24825
- http://securityreason.com/securityalert/2533
- http://www.expw0rm.com/hot-editor-v40-local-file-inclusion_no113.html
- http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html
- http://www.securityfocus.com/archive/1/465092/100/0/threaded
- http://www.securityfocus.com/archive/1/465094/100/0/threaded
- http://www.securityfocus.com/bid/23377
- http://www.vupen.com/english/advisories/2007/1315
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33521