CVE-2007-0804 Information
Feb 14, 2021
cve
Description
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ..\ sequences in the subpageName parameter as demonstrated by injecting PHP code into a template file.
Reference
http://osvdb.org/35849 http://www.securityfocus.com/bid/22412 http://www.vupen.com/english/advisories/2007/0492 https://exchange.xforce.ibmcloud.com/vulnerabilities/32211 https://www.exploit-db.com/exploits/3271
Share on: