CVE-2012-1669

Phpmoneybooks < 1.0.2 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in index.php in phpMoneyBooks before 1.0.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mark Stanislav · textwebappsphp

https://www.exploit-db.com/exploits/18648

View Code ZIP pw:eip

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52532

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/80101

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/111114/phpMoneyBooks-1.0.2-Local-File-Inclusion.html

Mailing List mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2012/Mar/259

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18648

Vendor Advisory x_refsource_confirm

http://sourceforge.net/projects/phpmoneybooks/files/Changelog.TXT/download

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/522058

Scores

EPSS 0.2006

EPSS Percentile 95.5%

Details

CWE

CWE-22

Status published

Products (1)

phpmoneybooks/phpmoneybooks < 1.0.2

Published Nov 17, 2014

Tracked Since Feb 18, 2026