Vulnerability Details CVE-2007-2072
PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://attrition.org/pipermail/vim/2007-April/001534.html
- http://osvdb.org/35395
- http://securityreason.com/securityalert/2580
- http://www.securityfocus.com/archive/1/465897/100/0/threaded
- http://www.securityfocus.com/bid/23519
- http://attrition.org/pipermail/vim/2007-April/001534.html
- http://osvdb.org/35395
- http://securityreason.com/securityalert/2580
- http://www.securityfocus.com/archive/1/465897/100/0/threaded
- http://www.securityfocus.com/bid/23519
Products affected by CVE-2007-2072
-
cpe:2.3:a:ivan_gallery_script:ivan_gallery_script:0.1