Vulnerabilities > CVE-2007-2647 - Unspecified vulnerability in Monalbum 0.8.7

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
monalbum
exploit available
NVD
Published: 2007-05-14
Updated: 2017-10-19

Summary

Static code injection vulnerability in admin/admin_configuration.php in Monalbum 0.8.7 allows remote authenticated users to inject arbitrary PHP code into the conf/config.inc.php file via the (1) gadm_pass, (2) gadm_user, (3) gcfgHote, (4) gcfgPass, (5) gcfgUser, (6) gclassement_rep, (7) gcontour, (8) gfond, (9) ggd_version, (10) ghome, (11) ghor, (12) gimg_copyright, (13) glangage, (14) gmenu_visible, (15) gmini_hasard, (16) gordre_rep, (17) gpage, (18) gracine, (19) grech_inactive, (20) grep_mini, (21) grepertoire, (22) gsite, (23) gslide, (24) gtitre, (25) guse_copyright, (26) gversion, (27) gvert, or (28) gcfgBase parameter.

Vulnerable Configurations

Part Description Count
Application
Monalbum
1

Exploit-Db

descriptionMonalbum 0.8.7 Remote Code Execution Exploit. CVE-2007-2647. Webapps exploit for php platform
fileexploits/php/webapps/3903.php
idEDB-ID:3903
last seen2016-01-31
modified2007-05-11
platformphp
port
published2007-05-11
reporterDj7xpl
sourcehttps://www.exploit-db.com/download/3903/
titleMonalbum 0.8.7 - Remote Code Execution Exploit
typewebapps

References