CVE-2007-5321

Published: Oct 9, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in index.php in Verlihub Control Panel (VHCP) 1.7 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the page parameter.

Affected (1)

Products: Verlihub Project: Verlihub Control Panel

Verlihub Project

1 product

Verlihub Control Panel

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Verlihub Project Verlihub Control Panel	Version 1.7

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://osvdb.org/37612

Source: cve@mitre.org

http://secunia.com/advisories/27113

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/25968

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3421

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/37002

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4494

Source: cve@mitre.org

http://osvdb.org/37612