PT-2007-3014 · Apache+1 · Apache Http Server+1

Gold_M

Published

2007-03-23

Updated

2017-10-11

CVE-2007-1633

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Giorgio Ciranni Splatt Forum version 4.0 RC1

Description: The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter. This can be demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by bbcode ref.php.

Recommendations: For Giorgio Ciranni Splatt Forum version 4.0 RC1, consider restricting access to the bbcode ref.php module until a patch is available. As a temporary workaround, avoid using the name parameter in the bbcode ref.php module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1633

Affected Products

Apache Http Server

Giorgio Ciranni Splatt Forum

PT-2007-3014 · Apache+1 · Apache Http Server+1

CVE-2007-1633

Related Identifiers

Affected Products

References · 5