Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2007-03-06T01:00:00
Updated: 2024-08-07T20:50:06.110Z
Reserved: 2007-03-05T00:00:00
Link: CVE-2006-7117
Vulnrichment
No data.
NVD
Status : Modified
Published: 2007-03-06T01:19:00.000
Modified: 2017-10-11T01:31:29.517
Link: CVE-2006-7117
Redhat
No data.