CVE-2007-0205 Information

Description

Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ..\ sequences in the (1) aj_skin and (2) skin_edit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the lang directory then referencing that file via the lang parameter to index.php which passes a sanity check in livre_include.php.

Reference

http://acid-root.new.fr/poc/20070107.txt http://osvdb.org/31708 http://osvdb.org/31709 http://securityreason.com/securityalert/2135 http://www.securityfocus.com/archive/1/456218/100/0/threaded http://www.securityfocus.com/bid/21926 https://exchange.xforce.ibmcloud.com/vulnerabilities/31397 https://www.exploit-db.com/exploits/3103