Vulnerabilities > CVE-2007-0804 - Remote PHP Code Execution vulnerability in Ggcms 1.1.0Rc1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | GGCMS <= 1.1.0 RC1 Remote Code Execution Exploit. CVE-2007-0804. Webapps exploit for php platform |
| file | exploits/php/webapps/3271.php |
| id | EDB-ID:3271 |
| last seen | 2016-01-31 |
| modified | 2007-02-05 |
| platform | php |
| port | |
| published | 2007-02-05 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/3271/ |
| title | GGCMS <= 1.1.0 RC1 - Remote Code Execution Exploit |
| type | webapps |