CVE-2007-3619 - Local File Include vulnerability in Maia Mailguard Login.PHP
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | NONE |
Availability impact | NONE |
Summary
Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. Successful exploitation requires that "magic_quotes_gpc" is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description | Maia Mailguard 1.0.2 Login.PHP Multiple Local File Include Vulnerabilities. CVE-2007-3619. Webapps exploit for php platform |
id | EDB-ID:30277 |
last seen | 2016-02-03 |
modified | 2007-07-05 |
published | 2007-07-05 |
reporter | Adriel T. Desautels |
source | https://www.exploit-db.com/download/30277/ |
title | Maia Mailguard 1.0.2 Login.PHP Multiple Local File Include Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | MAILGUARD_LANG_FILE_INCLUDE.NASL |
description | The remote host is running Maia Mailguard, a spam and virus management system written in PHP. The version of Maia Mailguard installed on the remote host fails to sanitize user input to the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 25673 |
published | 2007-07-06 |
reporter | This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/25673 |
title | Maia Mailguard login.php lang Parameter Local File Inclusion |
References
- http://osvdb.org/37884
- http://secunia.com/advisories/25951
- http://securityreason.com/securityalert/2864
- http://www.maiamailguard.org/maia/changeset/1184
- http://www.maiamailguard.org/maia/ticket/479
- http://www.netragard.com/pdfs/research/NETRAGARD-20070628-MAILGUARD.txt
- http://www.securityfocus.com/archive/1/472886/100/0/threaded
- http://www.securityfocus.com/bid/24770
- http://www.securitytracker.com/id?1018338
- http://www.vupen.com/english/advisories/2007/2456