CVE-2007-0098

VerliAdmin < 0.3 - Directory Traversal via Language Cookie


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0098. PoCs published by Kw3[R]Ln.

AI-analyzed exploit summary: This exploit targets a file inclusion vulnerability in VerliAdmin <= 0.3 by injecting PHP code into Apache log files via HTTP requests, then triggering remote command execution through a maliciously crafted cookie.

Description

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kw3[R]Ln · perl · webapps · php
https://www.exploit-db.com/exploits/3075

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: VerliAdmin <= 0.3
No auth needed
Prerequisites: magic_quotes_gpc = off · write access to Apache log files · knowledge of log file paths
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/32352
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3075
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0035
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/31241

Scores

EPSS 0.0205
EPSS Percentile 78.7%

Details

Status published
Products (1)
verliadmin/verliadmin < 0.3
Published Jan 05, 2007
Tracked Since Feb 18, 2026