CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-7117

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.021

EPSS Ranking 83.3%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/21352
https://exchange.xforce.ibmcloud.com/vulnerabilities/30570
https://exchange.xforce.ibmcloud.com/vulnerabilities/30572
https://www.exploit-db.com/exploits/2863
http://www.securityfocus.com/bid/21352
https://exchange.xforce.ibmcloud.com/vulnerabilities/30570
https://exchange.xforce.ibmcloud.com/vulnerabilities/30572
https://www.exploit-db.com/exploits/2863

Products affected by CVE-2006-7117

Kubix » Kubix » Version: Any

cpe:2.3:a:kubix:kubix:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-7117

Products

Pricing

Contact Us