CVE-2007-2560

ACGVannu < 1.3 - Directory Traversal via Rubrik Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2560. PoCs published by BeyazKurt.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in ACGV Annu by manipulating the 'rubrik' parameter to read arbitrary files (e.g., /etc/passwd). The PoC provides a direct URL path to exploit the flaw.

Description

Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the rubrik parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by BeyazKurt · perlwebappsphp
https://www.exploit-db.com/exploits/3867

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in ACGV Annu by manipulating the 'rubrik' parameter to read arbitrary files (e.g., /etc/passwd). The PoC provides a direct URL path to exploit the flaw.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: ACGV Annu (version unspecified)
No auth needed
Prerequisites: Target application must be running ACGV Annu with vulnerable PHP script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/3867
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-May/001605.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36181
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34108
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23842

Scores

EPSS 0.0273
EPSS Percentile 84.2%

Details

Status published
Products (1)
mentiss_acgv/acgvannu < 1.3
Published May 09, 2007
Tracked Since Feb 18, 2026