CVE-2007-2859 Information
Description
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to (1) guestbook.php (2) search.php (3) mailer.php (4) avatars.php (5) ccode.php (6) comments.php (7) emoticons.php (8) gbdownload.php and possibly other PHP scripts.
Reference
http://osvdb.org/38101 http://osvdb.org/38102 http://osvdb.org/38103 http://osvdb.org/38104 http://osvdb.org/38105 http://osvdb.org/38106 http://osvdb.org/38107 http://osvdb.org/38108 http://securityreason.com/securityalert/2735 http://www.attrition.org/pipermail/vim/2007-May/001626.html http://www.securityfocus.com/archive/1/469219/100/0/threaded http://www.xmors-seurity.com/advisory/SimpGB(rfi).txt https://exchange.xforce.ibmcloud.com/vulnerabilities/34428
Share on: