CVE-2007-0893

phpMyVisites < 2.2 - Path Traversal via pmv_ck_view Cookie Parameter

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme.

References (5)

Core 5
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=117121596803908&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32433
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/459792/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22516
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/33178

Scores

EPSS 0.0266
EPSS Percentile 83.9%

Details

CWE
CWE-22
Status published
Products (9)
matthieu_aubry/phpmyvisites 0.1_beta
matthieu_aubry/phpmyvisites 1.0
matthieu_aubry/phpmyvisites 1.1
matthieu_aubry/phpmyvisites 1.2
matthieu_aubry/phpmyvisites 1.2.1
matthieu_aubry/phpmyvisites 1.2.2
matthieu_aubry/phpmyvisites 1.2_beta
matthieu_aubry/phpmyvisites 1.3
matthieu_aubry/phpmyvisites < 2.1
Published Feb 12, 2007
Tracked Since Feb 18, 2026