CVE-2007-0205

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory, then referencing that file via the lang parameter to index.php, which passes a sanity check in livre_include.php.

Published: Jan 11, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0205
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
alexphpteam / alex_guestbook	4.0.1	4.0.1.x
alexphpteam / alex_guestbook	3.12	3.12.x
alexphpteam / alex_guestbook	4.0.2	4.0.2.x
alexphpteam / alex_guestbook	3.13	3.13.x

http://acid-root.new.fr/poc/20070107.txt
http://osvdb.org/31708
http://osvdb.org/31709
http://securityreason.com/securityalert/2135
http://www.securityfocus.com/archive/1/456218/100/0/threaded
http://www.securityfocus.com/bid/21926
https://exchange.xforce.ibmcloud.com/vulnerabilities/31397
https://www.exploit-db.com/exploits/3103

Vulnerability Database

290,206

CVE-2007-0205