CVE-2007-4328 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php (2) galerie.php or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected but that the filename for vector 3 is anzeigen.php.

Reference

http://osvdb.org/36455 http://osvdb.org/36456 http://osvdb.org/36457 http://secunia.com/advisories/26400 http://securityreason.com/securityalert/2999 http://www.securityfocus.com/archive/1/475952/100/0/threaded http://www.securityfocus.com/bid/25256 http://www.vupen.com/english/advisories/2007/2838 https://exchange.xforce.ibmcloud.com/vulnerabilities/35923