Lumension® Endpoint Intelligence Center


Vulnerability Score: 5.0
CVE Id: CVE-2007-6604
Last Modified: 15 Nov 2008 02:05:30
Published: 31 Dec 2007 03:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under dati/membri/ or by executing embedded PHP code in images under uploads/avatar/.

Vulnerable Systems


  • Xcms 1.82


XF - xcms-index-file-include(39281)

BID - 27060

MILW0RM - 4802

OSVDB - 40276

XF - xcms-index-information-disclosure(39282)

SECUNIA - 28256

Last Updated: 27 May 2016 10:46:32