CVE-2007-1164

Name of the Vulnerable Software and Affected Versions DBImageGallery version 1.2.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the donsimg base path parameter to various PHP files, including (1) attributes.php, (2) images.php, or (3) scan.php in the admin/ directory, or (4) attributes.php, (5) db utils.php, (6) images.php, (7) utils.php, or (8) values.php in the includes/ directory.

Recommendations For DBImageGallery version 1.2.2, consider restricting access to the donsimg base path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the donsimg base path parameter in the affected API endpoints, such as "attributes.php", "images.php", "scan.php", "db utils.php", "utils.php", and "values.php", to minimize the risk of exploitation.