CVE-2007-1108

CS-Gallery < 2.0 - Remote File Inclusion via Album Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1108. PoCs published by burncycle.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in CS_Gallery <= 2.0 by manipulating the 'album' POST parameter to include a remote shell. It requires specific PHP settings (allow_url_fopen and allow_url_include) to be enabled on the target.

Description

PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by burncycle · phpwebappsphp

https://www.exploit-db.com/exploits/3372

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in CS_Gallery <= 2.0 by manipulating the 'album' POST parameter to include a remote shell. It requires specific PHP settings (allow_url_fopen and allow_url_include) to be enabled on the target.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CS_Gallery <= 2.0

No auth needed

Prerequisites: allow_url_fopen = On · allow_url_include = On · cURL extension enabled on attacker's machine

MITRE ATT&CK