Vulnerabilities > CVE-2007-0804 - Unspecified vulnerability in Ggcms 1.1.0Rc1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN ggcms
exploit available
Summary
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | GGCMS <= 1.1.0 RC1 Remote Code Execution Exploit. CVE-2007-0804. Webapps exploit for php platform |
| file | exploits/php/webapps/3271.php |
| id | EDB-ID:3271 |
| last seen | 2016-01-31 |
| modified | 2007-02-05 |
| platform | php |
| port | |
| published | 2007-02-05 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/3271/ |
| title | GGCMS <= 1.1.0 RC1 - Remote Code Execution Exploit |
| type | webapps |
References
- http://osvdb.org/35849
- http://osvdb.org/35849
- http://www.securityfocus.com/bid/22412
- http://www.securityfocus.com/bid/22412
- http://www.vupen.com/english/advisories/2007/0492
- http://www.vupen.com/english/advisories/2007/0492
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32211
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32211
- https://www.exploit-db.com/exploits/3271
- https://www.exploit-db.com/exploits/3271