CVE-2013-7097

7mediaws eduTrac < 1.1.2 - Path Traversal via Installer Overview showmask Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7097. PoCs published by High-Tech Bridge.

AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in eduTrac 1.1.1, allowing remote attackers to access sensitive files via path traversal characters in the URL. No actual exploit code is provided, only a description and example URL.

Description

Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/38873

View Code ZIP pw:eip

The exploit describes a directory traversal vulnerability in eduTrac 1.1.1, allowing remote attackers to access sensitive files via path traversal characters in the URL. No actual exploit code is provided, only a description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: eduTrac 1.1.1

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/64255

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23190

Scores

EPSS 0.0371

EPSS Percentile 88.3%

Details

CWE

CWE-22

Status published

Products (11)

7mediaws/edutrac 1.0.0

7mediaws/edutrac 1.0.1

7mediaws/edutrac 1.0.2

7mediaws/edutrac 1.0.3

7mediaws/edutrac 1.0.4

7mediaws/edutrac 1.0.5

7mediaws/edutrac 1.0.6

7mediaws/edutrac 1.0.7

7mediaws/edutrac 1.0.8

7mediaws/edutrac 1.0.9

... and 1 more

Published Jan 08, 2014

Tracked Since Feb 18, 2026