Directory Traversal Vulnerability (CVE-2013-7091) Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Directory Traversal Vulnerability (CVE-2013-7091) Scanner Detail

This vulnerability allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.

An 0 day was released on the 6th December 2013 by rubina119, and was patched in Zimbra 7.2.6.

The vulnerability is a local file inclusion that can retrieve any file from the server.

Currently, we read /etc/passwd and /dev/null, and compare the lengths to determine vulnerability.

Some Advice for Common Problems

Add the possibility to read compressed file. Then, send some payload to create the new mail account.

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service