CVE-2007-1720

Sb-websoft Addressbook - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in addressbook.php in the Addressbook 1.2 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module_name parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by bd0rk · perlwebappsphp

https://www.exploit-db.com/exploits/3582

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1118

[Third Party Advisory] http://secunia.com/advisories/24697

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23156

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/3582

[Third Party Advisory, VDB Entry] http://osvdb.org/36572

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/33243

Scores

EPSS 0.1085

EPSS Percentile 93.4%

Details

Status published

Products (1)

sb-websoft/addressbook 1.2

Published Mar 28, 2007

Tracked Since Feb 18, 2026