CVE-2006-4721

CCleague Pro Sports CMS 1.0.1 RC1 - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the language Cookie parameter, as demonstrated by executing PHP code via a log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2333

View Code ZIP pw:eip

References (7)

[Exploit, Vendor Advisory] http://secunia.com/advisories/21843

[Various Sources] http://sn4k3.persiangig.com/Expl0it/CCleaguePro_V1.0.1RC1%20Directory%20Traversal%20Vulnerability.txt

[Various Sources] http://unkn0wn.awardspace.com/Blog/?p=46

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/463191/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/463217/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2333

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/3549

Scores

EPSS 0.1355

EPSS Percentile 94.2%

Details

Status published

Products (1)

ccleague/pro_sports_cms 1.0.1_rc1

Published Sep 12, 2006

Tracked Since Feb 18, 2026