CVE-2007-6615

Description

Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter.

Affected products

• agares_media / phpautovideo2.21 – 2.21

References

• MISChttp://forums.agaresmedia.com/viewtopic.php?f=13&t=407
• MISChttp://osvdb.org/39618
• MISChttp://www.securityfocus.com/bid/27023
• VENDOR_ADVISORYhttp://secunia.com/advisories/28230
• EXPLOIThttps://www.exploit-db.com/exploits/4782
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/4319