CVE-2007-2647 Information

Description

Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.

Reference

http://0day.2600.ir/exploits/3903
http://osvdb.org/36013
http://secunia.com/advisories/25260
http://www.securityfocus.com/bid/23939
http://www.vupen.com/english/advisories/2007/1785
https://exchange.xforce.ibmcloud.com/vulnerabilities/34250
https://www.exploit-db.com/exploits/3903