CVE-2007-2268

SWsoft Plesk 7.6.1, 8.1.0, 8.1.1 - Directory Traversal via Locale ID Parameter

Title source: llm

Description

Multiple directory traversal vulnerabilities in SWsoft Plesk for Windows 7.6.1, 8.1.0, and 8.1.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter to (1) login.php3 or (2) login_up.php3.

Exploits (1)

exploitdb WRITEUP VERIFIED

by anonymous · textwebappsphp

https://www.exploit-db.com/exploits/29898

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/1588

Patch x_refsource_confirm

http://kb.swsoft.com/en/1798

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/34081

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/23639

Various Sources x_refsource_confirm

http://forum.swsoft.com/showthread.php?s=&postid=172761#post172761

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/34082

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25036

Scores

EPSS 0.0569

EPSS Percentile 90.5%

Details

Status published

Products (3)

swsoft/plesk 7.6.1

swsoft/plesk 8.1.0

swsoft/plesk 8.1.1

Published Apr 25, 2007

Tracked Since Feb 18, 2026