CVE-2007-4369

SOTEeSKLEP < 4.0 - Directory Traversal via File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4369. PoCs published by dun.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in SOTEeSKLEP, allowing unauthorized file disclosure by manipulating the 'file' parameter. The vulnerability arises from insufficient input validation, enabling attackers to access files outside the intended directory.

Description

Directory traversal vulnerability in go/_files in SOTEeSKLEP before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/4282

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in SOTEeSKLEP, allowing unauthorized file disclosure by manipulating the 'file' parameter. The vulnerability arises from insufficient input validation, enabling attackers to access files outside the intended directory.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SOTEeSKLEP versions 3.1RC8, 3.5RC1, 3.5RC4, 3.5RC9, and potentially others

No auth needed

Prerequisites: Access to the vulnerable endpoint with the 'file' parameter

MITRE ATT&CK