CVE-2007-4127
PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0.
Affected products
n/a · n/a
Public PoCs found: 1
exploitdb: www.exploit-db.com/exploits/1942 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/46973
http://securityreason.com/securityalert/2938
https://exchange.xforce.ibmcloud.com/vulnerabilities/35689
http://www.attrition.org/pipermail/vim/2007-July/001743.html
http://www.attrition.org/pipermail/vim/2007-July/001747.html
http://www.attrition.org/pipermail/vim/2007-July/001748.html
http://www.attrition.org/pipermail/vim/2007-July/001749.html
http://www.securityfocus.com/archive/1/475094/100/0/threaded