Vulnerabilities > CVE-2007-3535 - File-Upload vulnerability in GL-SH Deaf Forum
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description GL-SH Deaf Forum <= 6.5.5 Multiple Remote Vulnerabilities. CVE-2007-3535. Webapps exploit for php platform id EDB-ID:5870 last seen 2016-01-31 modified 2008-06-20 published 2008-06-20 reporter BugReport.IR source https://www.exploit-db.com/download/5870/ title gl-sh deaf forum <= 6.5.5 - Multiple Vulnerabilities description GL-SH Deaf Forum <= 6.4.4 Local File Inclusion Vulnerabilities. CVE-2007-3535. Webapps exploit for php platform file exploits/php/webapps/4124.txt id EDB-ID:4124 last seen 2016-01-31 modified 2007-06-28 platform php port published 2007-06-28 reporter Katatafish source https://www.exploit-db.com/download/4124/ title GL-SH Deaf Forum <= 6.4.4 - Local File Inclusion Vulnerabilities type webapps