Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
BID:23939
Info
Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
| Bugtraq ID: | 23939 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-2647 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | Dj7xpl is credited with the discovery of this vulnerability. |
| Vulnerable: |
Monalbum Monalbum 0.8.7 |
| Not Vulnerable: | |
Discussion
Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
Monalbum is prone to an arbitrary-code-execution vulnerability.
An attacker may need administrative credentials to access the affected script.
The attacker may exploit this issue to execute arbitrary PHP code in the context of the affected webserver.
This issue affects Monalbum 0.8.7; other versions may also be affected.
Monalbum is prone to an arbitrary-code-execution vulnerability.
An attacker may need administrative credentials to access the affected script.
The attacker may exploit this issue to execute arbitrary PHP code in the context of the affected webserver.
This issue affects Monalbum 0.8.7; other versions may also be affected.
Exploit / POC
Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Monalbum Admin_Configuration.PHP Arbitrary Code Execution Vulnerability
References:
References:
- Monalbum Homepage (Monalbum)