Simple PHP Scripts (sphp) index.php gallery Variable Remote File Inclusion

2006-11-20T09:03:54
ID OSVDB:34982
Type osvdb
Reporter OSVDB
Modified 2006-11-20T09:03:54

Description

Technical Description

This vulnerability is only present under the following conditions: - Remote inclusion from FTP servers if allow_url_fopen and allow_url_include PHP options are "on" and that the system is running PHP 5.x. - Local inclusion if magic_quotes_gpc is "off".

References:

Secunia Advisory ID:24912 Mail List Post: http://www.attrition.org/pipermail/vim/2007-April/001536.html CVE-2007-2679 Bugtraq ID: 23534