Description
Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter.
Exploits (1)
References (4)
Core 4
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8423
Vendor Advisory x_refsource_confirm
http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1470
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34511
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49869
Scores
EPSS
0.0258
EPSS Percentile
85.6%
Details
CWE
CWE-22
Status
published
Products (34)
jamroom/jamroom
jamroom/jamroom
1.0 (6 CPE variants)
jamroom/jamroom
2.0.9 (2 CPE variants)
jamroom/jamroom
2.6.10
jamroom/jamroom
2.6.11
jamroom/jamroom
2.6.12
jamroom/jamroom
2.60 (3 CPE variants)
jamroom/jamroom
2.61
jamroom/jamroom
2.62
jamroom/jamroom
2.63
... and 24 more
Published
Apr 17, 2009
Tracked Since
Feb 18, 2026