RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
BID:23519
Info
RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
| Bugtraq ID: | 23519 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2072 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 16 2007 12:00AM |
| Updated: | May 12 2015 07:49PM |
| Credit: | SekoMirza and HypNosis are credited with the discovery of this vulnerability. |
| Vulnerable: |
Ivan Gallery Script Ivan Gallery Script 0.1 |
| Not Vulnerable: | |
Discussion
RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
Ivan Gallery Script is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Ivan Gallery Script 0.1; other versions may also be vulnerable.
This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
Ivan Gallery Script is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.
This issue affects Ivan Gallery Script 0.1; other versions may also be vulnerable.
This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
Exploit / POC
RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
Attackers can use a browser to exploit this issue.
The following example exploit code is available:
Attackers can use a browser to exploit this issue.
The following example exploit code is available:
Solution / Fix
RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
This BID is being retired because further investigation has revealed that the application is not vulnerable to this issue.
References
RETIRED: Ivan Gallery Script Index.PHP Remote File Include Vulnerability
References:
References: