CVE-2007-4326 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader 1.3 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) gruppen.php (2) bild.php (3) feed.php (4) mitglieder.php (5) online.php (6) profil.php and possibly other unspecified PHP scripts.

Reference

http://osvdb.org/36443 http://osvdb.org/36444 http://osvdb.org/36445 http://osvdb.org/36446 http://osvdb.org/36447 http://osvdb.org/36448 http://secunia.com/advisories/26399 http://securityreason.com/securityalert/2993 http://www.securityfocus.com/archive/1/475954/100/0/threaded http://www.vupen.com/english/advisories/2007/2836 https://exchange.xforce.ibmcloud.com/vulnerabilities/35922