Directory Traversal Vulnerability in ZomPlog by ZomPlog Inc.
CVE-2007-1524
Currently unrated
What is CVE-2007-1524?
A directory traversal vulnerability in ZomPlog versions 3.7.6 and earlier allows remote attackers to include arbitrary local files. The flaw is reached through the settings[skin] parameter: a value containing dot-dot (..) sequences traverses directories. A serious consequence is that an attacker who can inject PHP code into a file the application can read, such as an Apache HTTP Server log file, can then have that code executed by including the file via the themes/default/ directory.
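For defenders reviewing web server logs, the sketch below flags requests whose settings[skin] value contains a dot-dot path segment, including percent-encoded and double-encoded forms. It is an added example, not code from ZomPlog or from the advisory; the function names are hypothetical, and the log lines (Apache combined-style format, a request to themes/default/ with the parameter in the query string) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "settings[skin]"  # parameter named in the advisory
# Request line of an access-log entry; parameters sent in a POST body are not logged.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so a double-encoded %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def skin_values(log_line):
    """Yield every decoded settings[skin] value found in one access-log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return
    query = urlsplit(match.group(1)).query
    # parse_qsl decodes once, so settings%5Bskin%5D also matches PARAM.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if fully_decode(name) == PARAM:
            yield fully_decode(value)

def is_traversal(value):
    """True when any path segment is exactly '..' (either slash style)."""
    return ".." in re.split(r"[\\/]", value)

def suspicious_lines(lines):
    """Return the log lines carrying a traversal attempt in settings[skin]."""
    return [ln for ln in lines if any(is_traversal(v) for v in skin_values(ln))]

# Constructed sample log lines (documentation addresses, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /themes/default/?settings[skin]=default HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /themes/default/?settings[skin]=..%2f..%2fexample%2ffile HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /themes/default/?settings%5Bskin%5D=%252e%252e%252fexample HTTP/1.1" 200 734',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /themes/default/?settings[skin]=blue..v2 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line in suspicious_lines(SAMPLE):
        print("possible traversal:", line)
```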
