PT-2007-2504 · Phptraffica · Phptraffica
Published
2007-02-22
·
Updated
2017-07-29
·
CVE-2007-1076
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
phpTrafficA versions 1.4.1 and earlier
Description:
The issue allows remote attackers to include arbitrary local files due to multiple directory traversal vulnerabilities. This can be achieved by using a .. (dot dot) in the
file parameter to "plotStat.php" and the lang parameter to "banref.php".Recommendations:
For phpTrafficA versions 1.4.1 and earlier, consider restricting access to the plotStat.php and banref.php scripts until a fix is available. As a temporary workaround, avoid using the
file and lang parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phptraffica