GGCMS Remote PHP Code Execution Vulnerability
BID:22412
Info
GGCMS Remote PHP Code Execution Vulnerability
| Bugtraq ID: | 22412 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-0804 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 05 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Kacper is credited with the discovery of this vulnerability. |
| Vulnerable: |
GGCMS GGCMS 1.1.0 RC1 |
| Not Vulnerable: | |
Discussion
GGCMS Remote PHP Code Execution Vulnerability
GGCMS is prone to an arbitrary PHP code-execution vulnerability.
A successful attack would allow attackers to execute script code with the privileges of the webserver process.
Version 1.1.0 RC2 is affected by this issue.
GGCMS is prone to an arbitrary PHP code-execution vulnerability.
A successful attack would allow attackers to execute script code with the privileges of the webserver process.
Version 1.1.0 RC2 is affected by this issue.
Exploit / POC
GGCMS Remote PHP Code Execution Vulnerability
Attackers can exploit this issue via a web client.
Sample exploit code has been provided:
Attackers can exploit this issue via a web client.
Sample exploit code has been provided:
Solution / Fix
GGCMS Remote PHP Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].