CVE-2007-2507

Treble Designs 1024 CMS 0.7 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2507. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in 1024 CMS Version 0.7, allowing remote file disclosure via the 'item' parameter in download.php. The PoC shows how to access arbitrary files, such as /etc/passwd, by manipulating the path.

Description

Directory traversal vulnerability in includes/download.php in Treble Designs 1024 CMS 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the item parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · textwebappsphp

https://www.exploit-db.com/exploits/3832

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in 1024 CMS Version 0.7, allowing remote file disclosure via the 'item' parameter in download.php. The PoC shows how to access arbitrary files, such as /etc/passwd, by manipulating the path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: 1024 CMS Version 0.7

No auth needed

Prerequisites: access to the download.php endpoint

MITRE ATT&CK