CVE-2007-6079: Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. ...

Description

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.

Metrics

EPSS Probability

1.88%

76.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-22

Affected Software

Vendor	Product	Versions
Bcoos	Bcoos	1.0.10

References

Timeline

Published: Nov 21, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-6079?

Directory traversal vulnerability in include/common.php in bcoos 1.0.10 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the xoopsOption[pagetype] parameter to the default URI for modules/news/. NOTE: this can be leveraged by using legitimate product functionality to upload a file that contains the code, then including that file.

How severe is CVE-2007-6079?

Severity scoring for CVE-2007-6079 is pending analysis. The EPSS model estimates a 1.88% probability of exploitation in the next 30 days.

How do I fix CVE-2007-6079?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.