CVE-2007-4895

Sisfo Kampus 2006 - Path Traversal via dwoprn.php f Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4895. PoCs published by k-one.

AI-analyzed exploit summary This exploit demonstrates a local file download vulnerability in Sisfo Kampus 2006, allowing unauthorized access to sensitive files like 'connectdb.php' via a direct HTTP request. The PoC shows the retrieval of database credentials through a predictable file path.

Description

Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the f parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by k-one · textwebappsphp

https://www.exploit-db.com/exploits/4386

View Code ZIP pw:eip

This exploit demonstrates a local file download vulnerability in Sisfo Kampus 2006, allowing unauthorized access to sensitive files like 'connectdb.php' via a direct HTTP request. The PoC shows the retrieval of database credentials through a predictable file path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sisfo Kampus 2006

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK

T1083 - File and Directory Discovery T1119 - Automated Collection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36534

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4386

Scores

EPSS 0.0404

EPSS Percentile 88.6%

Details

CWE

CWE-22

Status published

Products (1)

sisfo_kampus/sisfo_kampus 2006

Published Sep 14, 2007

Tracked Since Feb 18, 2026