Directory Traversal Vulnerability (CVE-2013-7091) Scanner

Stay Up To Date
Asset Type


Need Membership


Asset Verify


API Support


Estimate Time (Second)


Directory Traversal Vulnerability (CVE-2013-7091) Scanner Detail

This vulnerability allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter.

An 0 day was released on the 6th December 2013 by rubina119, and was patched in Zimbra 7.2.6.

The vulnerability is a local file inclusion that can retrieve any file from the server.

Currently, we read /etc/passwd and /dev/null, and compare the lengths to determine vulnerability.

Some Advice for Common Problems

Add the possibility to read compressed file. Then, send some payload to create the new mail account.

Need a Full Assessment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service