CVE-2007-2425

Imageview 5.3 - Directory Traversal via Album Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2425. PoCs published by DNX.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Imageview v5.3 due to improper sanitization of the 'album' parameter in fileview.php. The PoC shows how an attacker can traverse directories and include arbitrary files by appending a null byte (%00) to bypass file extension checks.

Description

Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DNX · textwebappsphp

https://www.exploit-db.com/exploits/3817

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Imageview v5.3 due to improper sanitization of the 'album' parameter in fileview.php. The PoC shows how an attacker can traverse directories and include arbitrary files by appending a null byte (%00) to bypass file extension checks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Imageview v5.3

No auth needed

Prerequisites: magic_quotes_gpc = off · access to fileview.php

MITRE ATT&CK