Description
Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Federico Fazzi · textwebappsphp
https://www.exploit-db.com/exploits/27989
exploitdb
WORKING POC
VERIFIED
by Federico Fazzi · pythonwebappsphp
https://www.exploit-db.com/exploits/27988
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016249
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/436333/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/26195
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/26194
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/26196
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2187
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27010
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20475
Scores
EPSS
0.0863
EPSS Percentile
92.5%
Details
Status
published
Products (1)
miraks/miraksgalerie
2.62
Published
Jun 09, 2006
Tracked Since
Feb 18, 2026