Vulnerabilities > CVE-2007-3312 - Input Validation vulnerability in Efstratios Geroulis Jasmine CMS 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Jasmine CMS 1.0 SQL Injection/Remote Code Execution Exploit. CVE-2007-3312,CVE-2007-3313. Webapps exploit for php platform |
file | exploits/php/webapps/4081.php |
id | EDB-ID:4081 |
last seen | 2016-01-31 |
modified | 2007-06-19 |
platform | php |
port | |
published | 2007-06-19 |
reporter | Silentz |
source | https://www.exploit-db.com/download/4081/ |
title | Jasmine CMS 1.0 - SQL Injection/Remote Code Execution Exploit |
type | webapps |