PT-2007-6988 · Vigile · Vigilecms

Devilauron

Published

2007-11-22

Updated

2018-10-15

CVE-2007-6086

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions VigileCMS version 1.4

Description A directory traversal issue in index.php allows remote attackers to include and execute arbitrary local files by using directory traversal sequences in the module parameter.

Recommendations For VigileCMS version 1.4, consider restricting access to the module parameter in the index.php file to minimize the risk of exploitation. Avoid using the module parameter with untrusted input until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2007-6086

Affected Products

Vigilecms

PT-2007-6988 · Vigile · Vigilecms

CVE-2007-6086

Weakness Enumeration

Related Identifiers

Affected Products

References · 5