PT-2007-3965 · Monalbum · Monalbum

Dj7Xpl · Published 2007-05-14 · Updated 2017-10-19 · CVE-2007-2647

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Monalbum version 0.8.7

Description
The issue allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via various parameters in the admin/admin_configuration.php script. The vulnerable parameters include gadm_pass, gadm_user, gcfgHote, gcfgPass, gcfgUser, gclassement_rep, gcontour, gfond, ggd_version, ghome, ghor, gimg_copyright, glangage, gmenu_visible, gmini_hasard, gordre_rep, gpage, gracine, grech_inactive, grep_mini, grepertoire, gsite, gslide, gtitre, guse_copyright, gversion, gvert, or gcfgBase.

Recommendations
For Monalbum version 0.8.7, as a temporary workaround, consider restricting access to the admin/admin_configuration.php script until a patch is available. Additionally, avoid using the vulnerable parameters in the script to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
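
For maintainers who write request values into a PHP configuration file such as conf/config.inc.php, the following added example (not Monalbum's code and not from the advisory's author) shows one way to generate that file so a submitted value stays a literal. It assumes the file holds plain variable assignments; the function names render_config and write_config, the four-key allowlist, the types and the length limit are hypothetical.

```php
<?php
// Added example, not Monalbum code. Key names come from the advisory's list;
// the types, length limit and function names are assumptions.
const ALLOWED_KEYS = [
    'gsite'    => 'string',
    'gtitre'   => 'string',
    'gcfgHote' => 'string',
    'gpage'    => 'int',
];

function render_config(array $input): string
{
    $lines = ['<?php', '// Generated file. Do not edit by hand.'];
    foreach (ALLOWED_KEYS as $key => $type) {   // unknown keys are never written
        if (!array_key_exists($key, $input)) {
            continue;
        }
        $value = $input[$key];
        if ($type === 'int') {
            $value = filter_var($value, FILTER_VALIDATE_INT);
            if ($value === false) {
                throw new InvalidArgumentException("$key must be an integer");
            }
        } elseif (!is_string($value) || strlen($value) > 255) {
            throw new InvalidArgumentException("$key must be a short string");
        }
        // var_export() emits a valid PHP literal: quotes and backslashes are
        // escaped, so the value cannot terminate the string it is stored in.
        $lines[] = '$' . $key . ' = ' . var_export($value, true) . ';';
    }
    return implode("\n", $lines) . "\n";
}

function write_config(string $path, array $input): void
{
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, render_config($input), LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    if (!rename($tmp, $path)) {   // replaces the old file in one step
        throw new RuntimeException("cannot replace $path");
    }
}

// Constructed sample input: apostrophes in a title, a numeric string, a stray key.
$sample = ['gtitre' => "L'album d'été", 'gpage' => '12', 'unknown' => 'x'];
echo render_config($sample);
```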


Related identifiers

CVE-2007-2647

Affected products

Monalbum