PT-2007-4092 · Molyx · Molyx Board

Murderskillz

Published

2007-05-21

Updated

2017-10-11

CVE-2007-2778

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions MolyX BOARD version 2.5.0

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the lang parameter to "index.php" and other unspecified PHP scripts.

Recommendations For MolyX BOARD version 2.5.0, consider restricting access to the lang parameter in the "index.php" script until a patch is available. As a temporary workaround, avoid using the lang parameter with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2778

Affected Products

Molyx Board

PT-2007-4092 · Molyx · Molyx Board

CVE-2007-2778

Related Identifiers

Affected Products

References · 7