CVE-2006-7117 Information

Description

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ..\ sequences in the theme cookie to index.php which is not properly handled by includes/head.php; and (2) read arbitrary files via ..\ sequences in the file parameter in an add_dl action to adm_index.php as demonstrated by reading connect.php.

Reference

http://www.securityfocus.com/bid/21352 https://exchange.xforce.ibmcloud.com/vulnerabilities/30570 https://exchange.xforce.ibmcloud.com/vulnerabilities/30572 https://www.exploit-db.com/exploits/2863