CVE-2007-6129

Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
Configurations

Configuration 1

cpe:2.3:a:amber_script:amber_script:1.0:*:*:*:*:*:*:*

Information

Published : 2007-11-26 10:46

Updated : 2018-10-15 09:50


NVD link : CVE-2007-6129

Mitre link : CVE-2007-6129

Products Affected
No products.
CWE