CVE-2006-7117

critical

Description

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

References

https://www.exploit-db.com/exploits/2863

https://exchange.xforce.ibmcloud.com/vulnerabilities/30572

https://exchange.xforce.ibmcloud.com/vulnerabilities/30570

http://www.securityfocus.com/bid/21352

Details

Source: Mitre, NVD

Published: 2007-03-06

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.02081