CVE-2007-6397

Severity CVSS v4.0:
Pending analysis
Type:
CWE-22 Path Traversal
Publication date:
17/12/2007
Last modified:
09/04/2025

Description

Multiple directory traversal vulnerabilities in index.php in Flat PHP Board 1.2 and earlier allow remote attackers to (1) create arbitrary files via a .. (dot dot) in the username parameter when registering a user account, and (2) read arbitrary PHP files via a .. (dot dot) in (a) the topic parameter in a topic action or (b) the username parameter in a viewprofile action.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:flat_php:board:*:*:*:*:*:*:*:* 1.2 (including)