CVE-2007-6581

critical

Description

Multiple directory traversal vulnerabilities in Social Engine 2.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the global_lang parameter to (1) header_album.php, (2) header_blog.php, or (3) header_group.php; or (4) admin_header_album.php, (5) admin_header_blog.php, or (6) admin_header_group.php in admin/.

References

https://www.exploit-db.com/exploits/4767

http://osvdb.org/40375

http://osvdb.org/40374

http://osvdb.org/40373

http://osvdb.org/40372

http://osvdb.org/40371

http://osvdb.org/40370

Details

Source: Mitre, NVD

Published: 2007-12-28

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.08548