CVE-2007-2647 - Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote

CVE-2007-2647

Summary

Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.

References

Vulnerable Configurations

cpe:2.3:a:monalbum:monalbum:0.8.7:*:*:*:*:*:*:*
cpe:2.3:a:monalbum:monalbum:0.8.7:*:*:*:*:*:*:*

CVSS

Base:	6.5 (as of 19-10-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:S/C:P/I:P/A:P

refmap via4

bid	23939
exploit-db	3903
misc	http://0day.2600.ir/exploits/3903
osvdb	36013
secunia	25260
vupen	ADV-2007-1785
xf	monalbum-adminconfiguration-code-execution(34250)

Last major update

19-10-2017 - 01:30

Published

14-05-2007 - 21:19

Last modified

19-10-2017 - 01:30