CVE-2007-1152

Pyrophobia 2.1.3.1 - Path Traversal

Title source: llm

Description

Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/8095

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsphp

https://www.exploit-db.com/exploits/29632

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/37398

[Exploit] http://www.securityfocus.com/bid/22667

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33861

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8095

Scores

EPSS 0.0458

EPSS Percentile 89.3%

Details

CWE

CWE-22

Status published

Products (1)

pyrophobia/pyrophobia 2.1.3.1

Published Mar 02, 2007

Tracked Since Feb 18, 2026