CVE-2007-6378

BadBlue <2.72b - Path Traversal

Title source: llm

Description

Directory traversal vulnerability in upload.dll in BadBlue 2.72b and earlier allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the filename parameter.

Exploits (1)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/4715

View on exploitdb

References (8)

[Exploit] http://aluigi.altervista.org/adv/badblue-adv.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/42417

[Exploit] http://www.securityfocus.com/bid/26803

[Various Sources] http://aluigi.org/testz/myhttpup.zip

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/484834/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/28031

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4160

[Third Party Advisory] http://securityreason.com/securityalert/3448

Scores

EPSS 0.0931

EPSS Percentile 92.6%

Classification

CWE

CWE-22

Status draft

Affected Products (1)

badblue/badblue < 2.72b

Timeline

Published Dec 15, 2007

Tracked Since Feb 18, 2026