CVE-2007-6621

Joovili 3.0.0-3.0.6 - Path Traversal via Picture Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6621. PoCs published by EcHoLL.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in Joovili CMS, allowing unauthorized access to sensitive files like /etc/passwd via crafted HTTP requests. The PoC includes specific paths and parameters to bypass security restrictions.

Description

Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EcHoLL · textwebappsphp

https://www.exploit-db.com/exploits/4799

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in Joovili CMS, allowing unauthorized access to sensitive files like /etc/passwd via crafted HTTP requests. The PoC includes specific paths and parameters to bypass security restrictions.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Joovili CMS versions 2.*** and 3.***

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39666

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28231

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27056

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4799

Scores

EPSS 0.0237

EPSS Percentile 81.6%

Details

CWE

CWE-22

Status published

Products (1)

joovili/joovili < 3.0.6

Published Jan 04, 2008

Tracked Since Feb 18, 2026