Denven

#12143de 53,632
22.5CVSS total
Vulnerabilidades · 3
Alta
3
PT-2007-2591
7.5
2007-02-28
Dbimagegallery · Image Gallery · CVE-2007-1164
**Name of the Vulnerable Software and Affected Versions** DBImageGallery version 1.2.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `donsimg base path` parameter to various PHP files, including (1) attributes.php, (2) images.php, or (3) scan.php in the admin/ directory, or (4) attributes.php, (5) db utils.php, (6) images.php, (7) utils.php, or (8) values.php in the includes/ directory. **Recommendations** For DBImageGallery version 1.2.2, consider restricting access to the `donsimg base path` parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the `donsimg base path` parameter in the affected API endpoints, such as "attributes.php", "images.php", "scan.php", "db utils.php", "utils.php", and "values.php", to minimize the risk of exploitation.
PT-2007-2592
7.5
2007-02-28
Dbguestbook · Dbguestbook · CVE-2007-1165
**Name of the Vulnerable Software and Affected Versions** DBGuestbook version 1.1 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `dbs base path` parameter to API endpoints such as "utils.php", "guestbook.php", or "views.php" in the includes/ directory. **Recommendations** For DBGuestbook version 1.1, as a temporary workaround, consider restricting access to the `dbs base path` parameter in the affected API endpoints until a patch is available. Avoid using the `dbs base path` parameter in the "utils.php", "guestbook.php", or "views.php" endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2007-2291
7.5
2007-02-08
Maian · Maian Recipe · CVE-2007-0848
Name of the Vulnerable Software and Affected Versions: Maian Recipe version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the `path to folder` parameter in the classes/class mail.inc.php file. Recommendations: For Maian Recipe version 1.0, consider restricting access to the `classes/class mail.inc.php` file or validating the `path to folder` parameter to prevent remote file inclusion until a patch is available.