CVE-2007-3535 - File-Upload vulnerability in GL-SH Deaf Forum

047910
CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
network
low complexity
frank-karau
exploit available

Summary

Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) FORUM_LANGUAGE parameter to functions.php or the (2) style parameter to bottom.php. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part | Description | Count
Application | Frank_Karau | 1

Exploit-Db

  • description: GL-SH Deaf Forum <= 6.5.5 Multiple Remote Vulnerabilities. CVE-2007-3535. Webapps exploit for php platform
    id: EDB-ID:5870
    last seen: 2016-01-31
    modified: 2008-06-20
    published: 2008-06-20
    reporter: BugReport.IR
    source: https://www.exploit-db.com/download/5870/
    title: gl-sh deaf forum <= 6.5.5 - Multiple Vulnerabilities
  • description: GL-SH Deaf Forum <= 6.4.4 Local File Inclusion Vulnerabilities. CVE-2007-3535. Webapps exploit for php platform
    file: exploits/php/webapps/4124.txt
    id: EDB-ID:4124
    last seen: 2016-01-31
    modified: 2007-06-28
    platform: php
    port:
    published: 2007-06-28
    reporter: Katatafish
    source: https://www.exploit-db.com/download/4124/
    title: GL-SH Deaf Forum <= 6.4.4 - Local File Inclusion Vulnerabilities
    type: webapps