CVE-2007-5706

Jeebles Directory 2.9.60 - Path Traversal via Download.php Query String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5706. PoCs published by hack2prison.

AI-analyzed exploit summary: The provided text describes a local file inclusion (LFI) vulnerability in Jeebles Directory 2.9.60, where unsanitized user input in the 'download.php' script allows arbitrary file access. The example URL demonstrates the vulnerability but lacks executable exploit code.

Description

Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by hack2prison · text · webapps · php
https://www.exploit-db.com/exploits/30701

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Jeebles Directory 2.9.60
No auth needed
Prerequisites: Access to the vulnerable 'download.php' endpoint
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/37378
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3315
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/482612/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26171
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/27345

Scores

EPSS 0.0278
EPSS Percentile 86.2%

Details

CWE CWE-22
Status published
Products (1)
jeeblestechnology/jeebles_directory 2.9.60
Published Oct 29, 2007
Tracked Since Feb 18, 2026