{"cve": [{"lastseen": "2017-10-11T11:07:09", "bulletinFamily": "NVD", "description": "PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media Gallery 1.4.8a and earlier for Geeklog allows remote attackers to execute arbitrary PHP code via a URL in the _MG_CONF[path_html] parameter.", "modified": "2017-10-10T21:32:20", "published": "2007-05-16T06:19:00", "id": "CVE-2007-2706", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2706", "title": "CVE-2007-2706", "type": "cve", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:32", "bulletinFamily": "software", "description": "## Technical Description\nThis vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).\n## Solution Description\nUpgrade to version 1.4.8b or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Manual Testing Notes\nhttp://[target]/mediagallery/public_html/maint/ftpmedia.php?_MG_CONF[path_html]= shell.txt?\n## References:\n[Secunia Advisory ID:25272](https://secuniaresearch.flexerasoftware.com/advisories/25272/)\nISS X-Force ID: 34294\nGeneric Exploit URL: http://www.milw0rm.com/exploits/3924\nFrSIRT Advisory: ADV-2007-1827\n[CVE-2007-2706](https://vulners.com/cve/CVE-2007-2706)\nBugtraq ID: 23983\n", "modified": "2007-05-14T11:18:50", "published": "2007-05-14T11:18:50", "href": "https://vulners.com/osvdb/OSVDB:36239", "id": "OSVDB:36239", "title": "Media Gallery for Geeklog maint/ftpmedia.php _MG_CONF[path_html] Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}