CVE-2007-0088
Description
Directory traversal in openmedia's page.php and search_form.php allows unauthenticated remote attackers to read arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
openmedia contains multiple directory traversal vulnerabilities. The src parameter in page.php and the format parameter in search_form.php are not properly sanitized and accept .. (dot dot) sequences, which lets an attacker reach files outside the intended web root. Based on the reference, the affected versions are likely all those released before the 2007 discovery [1].
Exploitation
An attacker can exploit this by sending a crafted HTTP GET request to the vulnerable endpoint. No authentication is required [1]. The attack complexity is low. Example requests: http://www.site.com/page.php?src=../../../../../etc/passwd or http://www.site.com/search_form.php?lang=fr&format=../../../../../etc/passwd [1].
Impact
Successful exploitation allows an unauthenticated remote attacker to read arbitrary files on the server with the privileges of the web server process. This results in partial confidentiality impact; integrity and availability are unaffected. Theft of sensitive files such as /etc/passwd could lead to further compromise [1].
Mitigation
No official fix or update from the vendor has been disclosed in the available references [1]. The software may be abandoned or end-of-life. As a workaround, input validation should be applied to the src and format parameters, filtering out path traversal sequences. Restricting file access via web server configuration (e.g., disabling file inclusion) is also advisable. This CVE is not listed on the CISA KEV.
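One way to apply the workaround above, as an added example (not openmedia's code, which this page does not show): rather than stripping .. sequences, it canonicalizes the requested path and serves it only if the result stays inside the content directory, and it matches format against a fixed list. The function names, the allow-list values and the demo directory are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not openmedia's code. ALLOWED_FORMATS, resolve_under() and
// pick_format() are hypothetical names; the directory layout is constructed.
const ALLOWED_FORMATS = ['simple', 'advanced'];

/** Return the canonical path of $userPath if it is a file inside $baseDir, else null. */
function resolve_under(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the comparison below is
    // made on the path the OS would really open, not on the raw string.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Trailing separator stops /srv/pages-old from matching /srv/pages.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

/** A value that selects a template is matched against a fixed list, never used as a path. */
function pick_format(string $value): ?string
{
    return in_array($value, ALLOWED_FORMATS, true) ? $value : null;
}

// Constructed demo tree: <tmp>/pages/about.html plus a sibling file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'om_' . bin2hex(random_bytes(4));
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/about.html', 'about');
file_put_contents($root . '/secret.txt', 'secret');

$srcSamples = ['about.html', './about.html', '../secret.txt',
               '../../../../../etc/passwd', '/etc/passwd', "about.html\0.txt"];
foreach ($srcSamples as $src) {
    $ok = resolve_under($root . '/pages', $src) !== null;
    printf("src=%-28s %s\n", addcslashes($src, "\0"), $ok ? 'serve' : 'reject (404)');
}
foreach (['simple', '../../../../../etc/passwd'] as $format) {
    printf("format=%-25s %s\n", $format, pick_format($format) ?? 'reject (400)');
}
array_map('unlink', [$root . '/pages/about.html', $root . '/secret.txt']);
rmdir($root . '/pages'); rmdir($root);
```

Comparing the canonical path also rejects encoded or nested traversal variants that a string filter on the raw parameter can miss.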
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
References: 5
News mentions: 0
No linked articles in our index yet.