StoreFront for Gallery mods/ui_functions.php GALLERY_BASEDIR Variable Remote File Inclusion

2007-04-16T07:18:53
ID OSVDB:34970
Type osvdb
Reporter OSVDB
Modified 2007-04-16T07:18:53

Description

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).

References:

Secunia Advisory ID:24890 Related OSVDB ID: 34969 Other Advisory URL: http://milw0rm.com/exploits/3749 ISS X-Force ID: 33701 Generic Exploit URL: http://www.milw0rm.com/exploits/3749 FrSIRT Advisory: ADV-2007-1423 CVE-2007-2068 Bugtraq ID: 23516