Unrated severityNVD Advisory· Published Jul 2, 2007· Updated Apr 23, 2026

CVE-2007-2836

Description

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename that is marked for deletion at logout.

Affected products

Hiki/Hiki7 versions
cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:hiki:hiki:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:hiki:hiki:0.8.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/25764nvdPatchVendor Advisory
secunia.com/advisories/25874nvdPatchVendor Advisory
bugs.debian.org/cgi-bin/bugreport.cginvd
hikiwiki.org/en/advisory20070624.htmlnvd
hikiwiki.org/hiki-0_8_6.patchnvd
jvn.jp/jp/JVN%2305187780/index.htmlnvd
osvdb.org/37469nvd
www.debian.org/security/2007/dsa-1324nvd
www.securityfocus.com/bid/24603nvd
www.vupen.com/english/advisories/2007/2304nvd
exchange.xforce.ibmcloud.com/vulnerabilities/35029nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000