CVE-2007-2068

StoreFront mods for Gallery - Remote File Inclusion via GALLERY_BASEDIR Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2068. PoCs published by Alkomandoz Hacker.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in StoreFront for Gallery. The vulnerability allows an attacker to include arbitrary remote files via the GALLERY_BASEDIR parameter in business_functions.php and ui_functions.php.

Description

Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alkomandoz Hacker · textwebappsphp

https://www.exploit-db.com/exploits/3749

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in StoreFront for Gallery. The vulnerability allows an attacker to include arbitrary remote files via the GALLERY_BASEDIR parameter in business_functions.php and ui_functions.php.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: StoreFront for Gallery (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious file on a remote server

MITRE ATT&CK