PT-2007-3996 · Sphp · Simple Php Scripts Gallery

Sekomirza · Published 2007-05-15 · Updated 2008-09-05 · CVE-2007-2679

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Simple PHP Scripts (sphp) gallery version 0.3

Description

The issue allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function.

Recommendations

For version 0.3, consider restricting access to the index.php file or the gallery parameter to minimize the risk of exploitation until a patch is available. Avoid using the gallery parameter with untrusted input in the index.php file.
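
An added example, not code from sphp gallery or from this advisory: one way to keep an untrusted gallery value from reaching file_exists as a path, by accepting only a plain directory name under a fixed base directory. The function name resolve_gallery, the base directory and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not sphp gallery's own code: map an untrusted
// "gallery" request value to a directory under a fixed base, or null.
function resolve_gallery(string $name, string $root): ?string
{
    // Allowlist a plain directory name. This rejects UNC paths
    // (\\host\share), absolute and relative paths, and URL wrappers
    // before any filesystem function such as file_exists() sees the value.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }

    $rootReal = realpath($root);
    if ($rootReal === false) {
        return null;
    }

    // realpath() resolves symlinks, so a link pointing outside the base
    // is caught by the prefix check below.
    $dir = realpath($rootReal . DIRECTORY_SEPARATOR . $name);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    $prefix = $rootReal . DIRECTORY_SEPARATOR;
    if (strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        return null;
    }

    // Callers should only list image files from $dir and must not pass
    // request input to include/require.
    return $dir;
}

// Constructed demo: a temporary base with one gallery, and sample inputs.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'gallery_demo_' . getmypid();
mkdir($root . DIRECTORY_SEPARATOR . 'holiday2007', 0700, true);

$samples = ['holiday2007', '\\\\host.example\\share\\pics', '/etc', '../holiday2007', 'missing'];
foreach ($samples as $input) {
    $result = resolve_gallery($input, $root) === null ? 'rejected' : 'accepted';
    printf("%-26s => %s\n", $input, $result);
}
```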

Fix

Related identifiers

CVE-2007-2679

Affected products

Simple Php Scripts Gallery