Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.8
CVE Id CVE-2007-4127
Last Modified 15 Nov 2008 01:55:41
Published 01 Aug 2007 12:17:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4127

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0.

Vulnerable Systems

Application

  • Le Ralf Ralf Image Gallery 1.0


References

BUGTRAQ - 20070730 RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability

VIM - 20070731 WTF: RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability

OSVDB - 46973

XF - rig-checkentry-file-include(35689)

SREASON - 2938


Last Updated: 27 May 2016 10:45:46