CVE-2007-3251 - Input Validation vulnerability in E-Vision CMS
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit. CVE-2007-3214,CVE-2007-3251. Webapps exploit for php platform |
file | exploits/php/webapps/4054.php |
id | EDB-ID:4054 |
last seen | 2016-01-31 |
modified | 2007-06-08 |
platform | php |
port | |
published | 2007-06-08 |
reporter | Silentz |
source | https://www.exploit-db.com/download/4054/ |
title | e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit |
type | webapps |
References
- http://osvdb.org/38466
- http://osvdb.org/38467
- http://secunia.com/advisories/25605
- http://www.securityfocus.com/bid/24398
- http://www.vupen.com/english/advisories/2007/2123
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34792
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34794
- https://www.exploit-db.com/exploits/4054