Directory Traversal Vulnerabilities in TuMusika Evolution by TuMusika
CVE-2007-6188

Currently unrated

Key Information:

Vendor: Tumusika Evolution
Status: Tumusika Evolution
Vendor: CVE Published:; 30 November 2007

🔔 Create Tumusika Evolution Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

What is CVE-2007-6188?

TuMusika Evolution 1.7R5 contains multiple directory traversal vulnerabilities that allow remote attackers to exploit the application. By manipulating the language parameter in various scripts such as languages_n.php, languages_f.php, and languages.php, attackers can include and execute arbitrary local files. Additionally, the uri parameter in frames/nogui/sc_download.php is also vulnerable, enabling unauthorized access to read sensitive local files. This security flaw poses a significant risk to the integrity and confidentiality of the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-6188 - Proof of Concept

References

http://osvdb.org/42451

vdb-entryx_refsource_OSVDB

https://exchange.xforce.ibmcloud.com/vulnerabilities/38720

vdb-entryx_refsource_XF

http://osvdb.org/42450

vdb-entryx_refsource_OSVDB

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 30, 2007
👾
Exploit known to exist
Nov 30, 2007
Vulnerability published
Nov 30, 2007
Vulnerability Reserved
Nov 29, 2007

CVE-2007-6188 Data

JSON