Sign-up

ID

VAR-200702-0413


CVE

CVE-2007-1108


TITLE

Christian Schneider CS-Gallery of index.php In PHP Remote file inclusion vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-001613

DESCRIPTION

PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. CS-Gallery is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible. CS-Gallery 2.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia is proud to announce the availability of the Secunia Software Inspector. The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor. Try it out online: http://secunia.com/software_inspector/ ---------------------------------------------------------------------- TITLE: CS-Gallery "album" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA24291 VERIFY ADVISORY: http://secunia.com/advisories/24291/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: CS-Gallery 2.x http://secunia.com/product/13564/ DESCRIPTION: burncycle has discovered a vulnerability in CS-Gallery, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "album" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled and that the "todo" parameter is set to "securealbum". The vulnerability is confirmed in version 2.0. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: burncycle ORIGINAL ADVISORY: http://www.milw0rm.com/exploits/3372 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2007-1108 // JVNDB: JVNDB-2007-001613 // CNVD: CNVD-2007-1295 // BID: 22712 // PACKETSTORM: 54683

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2007-1295

AFFECTED PRODUCTS

vendor:cs gallerymodel:cs-galleryscope:lteversion:2.0

Trust: 1.8

vendor:cs gallerymodel:cs-galleryscope:eqversion:2.0

Trust: 0.9

vendor:nonemodel: - scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2007-1295 // BID: 22712 // JVNDB: JVNDB-2007-001613 // CNNVD: CNNVD-200702-501 // NVD: CVE-2007-1108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1108
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-1108
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200702-501
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-1108
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-001613 // CNNVD: CNNVD-200702-501 // NVD: CVE-2007-1108

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1108

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-501

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200702-501

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-001613

EXTERNAL IDS
db:NVDid:CVE-2007-1108
Trust: 2.7
db:BIDid:22712
Trust: 2.5
db:SECUNIAid:24291
Trust: 1.8
db:EXPLOIT-DBid:3372
Trust: 1.7
db:VUPENid:ADV-2007-0734
Trust: 1.6
db:OSVDBid:33754
Trust: 1.6
db:JVNDBid:JVNDB-2007-001613
Trust: 0.8
db:CNCVEid:CNCVE-20071108
Trust: 0.6
db:CNVDid:CNVD-2007-1295
Trust: 0.6
db:XFid:32674
Trust: 0.6
db:MILW0RMid:3372
Trust: 0.6
db:CNNVDid:CNNVD-200702-501
Trust: 0.6
db:PACKETSTORMid:54683
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-1295 // 
            
            
            
            BID: 22712 // 
            
            
            
            JVNDB: JVNDB-2007-001613 // 
            
            
            
            PACKETSTORM: 54683 // 
            
            
            
            CNNVD: CNNVD-200702-501 // 
            
            
            
            NVD: CVE-2007-1108

REFERENCES
url:http://www.securityfocus.com/bid/22712
Trust: 2.2
url:http://osvdb.org/33754
Trust: 1.6
url:http://secunia.com/advisories/24291
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/32674
Trust: 1.0
url:http://www.vupen.com/english/advisories/2007/0734
Trust: 1.0
url:https://www.exploit-db.com/exploits/3372
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1108
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1108
Trust: 0.8
url:http://www.milw0rm.com/exploits/3372
Trust: 0.7
url:http://xforce.iss.net/xforce/xfdb/32674
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2007/0734
Trust: 0.6
url:http://www.cschneider.de
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/24291/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/software_inspector/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/13564/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2007-1295 // 
            
            
            
            BID: 22712 // 
            
            
            
            JVNDB: JVNDB-2007-001613 // 
            
            
            
            PACKETSTORM: 54683 // 
            
            
            
            CNNVD: CNNVD-200702-501 // 
            
            
            
            NVD: CVE-2007-1108

CREDITS
burncycle
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200702-501

SOURCES
db:CNVDid:CNVD-2007-1295
db:BIDid:22712
db:JVNDBid:JVNDB-2007-001613
db:PACKETSTORMid:54683
db:CNNVDid:CNNVD-200702-501
db:NVDid:CVE-2007-1108

LAST UPDATE DATE
2025-04-10T23:18:15.338000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2007-1295date:2007-02-23T00:00:00
db:BIDid:22712date:2015-05-12T19:34:00
db:JVNDBid:JVNDB-2007-001613date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200702-501date:2007-02-27T00:00:00
db:NVDid:CVE-2007-1108date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:CNVDid:CNVD-2007-1295date:2007-02-23T00:00:00
db:BIDid:22712date:2007-02-24T00:00:00
db:JVNDBid:JVNDB-2007-001613date:2012-06-26T00:00:00
db:PACKETSTORMid:54683date:2007-02-27T16:54:22
db:CNNVDid:CNNVD-200702-501date:2007-02-26T00:00:00
db:NVDid:CVE-2007-1108date:2007-02-26T17:28:00