Description
Directory traversal vulnerability in turbulence.php in PHP Turbulence 0.0.1 alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[tcore] parameter. NOTE: this vulnerability is disputed by CVE and a reliable third party because a direct request to user/turbulence.php triggers a fatal error before inclusion
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2673
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-April/001541.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23580
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33824
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/466564/100/100/threaded
Scores
EPSS
0.0612
EPSS Percentile
90.8%
Details
Status
published
Products (1)
php_turbulence/php_turbulence
0.0.1_alpha
Published
May 04, 2007
Tracked Since
Feb 18, 2026