CVE-2007-0335

Jax Petition Book 1.0.3.06 - Directory Traversal via Languagepack Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0335. PoCs published by ilker Kandemir.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Jax Petitionbook 1.0.3.06, where unsanitized user input in the 'language' parameter allows directory traversal attacks. The example URL demonstrates how an attacker could include arbitrary local files.

Description

Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by ilker Kandemir · textwebappsphp

https://www.exploit-db.com/exploits/29468

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in Jax Petitionbook 1.0.3.06, where unsanitized user input in the 'language' parameter allows directory traversal attacks. The example URL demonstrates how an attacker could include arbitrary local files.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Jax Petitionbook 1.0.3.06

No auth needed

Prerequisites: Access to the vulnerable application URL

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED