Unrated severityNVD Advisory· Published Mar 6, 2007· Updated Apr 23, 2026

CVE-2006-7117

Description

Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php.

Affected products

Kubix/Kubix
cpe:2.3:a:kubix:kubix:*:*:*:*:*:*:*:*
Range: <=0.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/21352nvd
exchange.xforce.ibmcloud.com/vulnerabilities/30570nvd
exchange.xforce.ibmcloud.com/vulnerabilities/30572nvd
www.exploit-db.com/exploits/2863nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000