cve/2024/CVE-2024-42007.md

CVE-2024-42007

Description

SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.

POC

Reference

• https://www.vicarius.io/vsociety/posts/journey-to-discovery-and-exploitation-of-path-traversal-in-php-spx-cve-2024-42007

Github

• https://github.com/BubblyCola/CVE_2024_42007
• https://github.com/EssenceCyber/Exploit-List
• https://github.com/MelvinM8/OSCP
• https://github.com/Mr-Tree-S/POC_EXP
• https://github.com/plzheheplztrying/cve_monitor