CVE-2007-0205

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.
Configurations

Configuration 1

cpe:2.3:a:alexphpteam:alex_guestbook:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:alexphpteam:alex_guestbook:3.12:*:*:*:*:*:*:*
cpe:2.3:a:alexphpteam:alex_guestbook:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:alexphpteam:alex_guestbook:3.13:*:*:*:*:*:*:*

Information

Published : 2007-01-11 10:28

Updated : 2018-10-16 04:31


NVD link : CVE-2007-0205

Mitre link : CVE-2007-0205

Products Affected
CWE