CVE-2007-1076

phpTrafficA <1.4.1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-1076. PoCs published by Hamid Ebadi.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in phpTrafficA 1.4.1, allowing attackers to read arbitrary files via unsanitized input in the 'file' parameter. No actual exploit code is included, only a description and example URL.

Description

Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Hamid Ebadi · textwebappsphp
https://www.exploit-db.com/exploits/29625

The provided text describes a directory traversal vulnerability in phpTrafficA 1.4.1, allowing attackers to read arbitrary files via unsanitized input in the 'file' parameter. No actual exploit code is included, only a description and example URL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: phpTrafficA 1.4.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Hamid Ebadi · textwebappsphp
https://www.exploit-db.com/exploits/29626

The provided text describes a directory traversal vulnerability in phpTrafficA 1.4.1, allowing attackers to read arbitrary files via unsanitized input in the 'lang' parameter. The example URL demonstrates accessing '/etc/passwd' using path traversal sequences.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: phpTrafficA 1.4.1
No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0709
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22655
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32628
Various Sources mailing-list x_refsource_vim
http://attrition.org/pipermail/vim/2007-February/001377.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24242
Various Sources x_refsource_confirm
http://soft.zoneo.net/phpTrafficA/news.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33373
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33374

Scores

EPSS 0.0405
EPSS Percentile 89.3%

Details

CWE
CWE-22
Status published
Products (1)
phptraffica/phptraffica 1.4.1
Published Feb 22, 2007
Tracked Since Feb 18, 2026