CVE-2007-5694

SiteBar 3.3.8 - Authenticated Path Traversal via Translation Module Dir Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5694. PoCs published by Robert Buchholz.

AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in SiteBar, including local file inclusion, arbitrary script execution, XSS, and URI redirection. It includes an example exploit URL for the local file inclusion vulnerability.

Description

Absolute path traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to read arbitrary files via an absolute path in the dir parameter, a different vulnerability than CVE-2007-5491.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Robert Buchholz · textwebappsphp

https://www.exploit-db.com/exploits/30682

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in SiteBar, including local file inclusion, arbitrary script execution, XSS, and URI redirection. It includes an example exploit URL for the local file inclusion vulnerability.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: SiteBar 3.3.8 and prior versions

No auth needed

Prerequisites: Access to the vulnerable SiteBar application

MITRE ATT&CK