Vulnerabilities > CVE-2007-3082 - Local File Include vulnerability in SendCard

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sendcard

exploit available

NVD

Published: 2007-06-06

Updated: 2017-10-11

Summary

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.

Vulnerable Configurations

Part	Description	Count
Application	Sendcard Sendcard Sendcard 1.00 Sendcard Sendcard 1.01 Sendcard Sendcard 1.02 Sendcard Sendcard 1.10 Sendcard Sendcard 1.20 Sendcard Sendcard 2.00 Sendcard Sendcard 2.01 Sendcard Sendcard 3.0.0 Sendcard Sendcard 3.0.1 Sendcard Sendcard 3.0.2 Sendcard Sendcard 3.0.3 Sendcard Sendcard 3.0.4 Sendcard Sendcard 3.0.5 Sendcard Sendcard 3.1.0 Sendcard Sendcard 3.1.1 Sendcard Sendcard 3.1.2 Sendcard Sendcard 3.2 Sendcard Sendcard 3.2.0 Sendcard Sendcard 3.2.1 Sendcard Sendcard 3.2.2 Sendcard Sendcard 3.2.3 Sendcard Sendcard 3.3.0 Sendcard Sendcard 3.3.1 Sendcard Sendcard 3.3.2 Sendcard Sendcard 3.3.3 Sendcard Sendcard 3.4.0 Sendcard Sendcard 3.4.1	31

Exploit-Db

description	Sendcard <= 3.4.1 (Local File Inclusion) Remote Code Execution Exploit. CVE-2007-3082. Webapps exploit for php platform
file	exploits/php/webapps/4029.php
id	EDB-ID:4029
last seen	2016-01-31
modified	2007-06-04
platform	php
port
published	2007-06-04
reporter	Silentz
source	https://www.exploit-db.com/download/4029/
title	Sendcard <= 3.4.1 Local File Inclusion Remote Code Execution Exploit
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References