CVE-2007-4820

Sisfo Kampus - Path Traversal

Title source: rule

Description

Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by QTRinux · textwebappsphp

https://www.exploit-db.com/exploits/4380

View Code ZIP pw:eip

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25605

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39017

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4380

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36533

Scores

EPSS 0.0470

EPSS Percentile 89.4%

Details

CWE

CWE-22

Status published

Products (1)

sisfo_kampus/sisfo_kampus 2006

Published Sep 11, 2007

Tracked Since Feb 18, 2026