Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder Galerie 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the config[root_ordner] parameter to (1) index.php, (2) galerie.php, or (3) anzagien.php. NOTE: A later report states that 1.1 is also affected, but that the filename for vector 3 is anzeigen.php.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
| Link | Tags |
|---|---|
| http://osvdb.org/36457 | vdb entry |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/35923 | vdb entry |
| http://www.vupen.com/english/advisories/2007/2838 | vdb entry vendor advisory |
| http://osvdb.org/36456 | vdb entry |
| http://www.securityfocus.com/bid/25256 | vdb entry exploit |
| http://osvdb.org/36455 | vdb entry |
| http://secunia.com/advisories/26400 | third party advisory vendor advisory |
| http://securityreason.com/securityalert/2999 | third party advisory |
| http://www.securityfocus.com/archive/1/475952/100/0/threaded | mailing list |