Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2642. PoCs published by Dj7xpl.
AI-analyzed exploit summary This is a writeup describing a Local File Include (LFI) vulnerability in R2K Gallery v1.7. It provides an example URL to exploit the vulnerability by including arbitrary local files via the 'lang2' parameter.
Description
Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Dj7xpl · textwebappsphp
https://www.exploit-db.com/exploits/3902
This is a writeup describing a Local File Include (LFI) vulnerability in R2K Gallery v1.7. It provides an example URL to exploit the vulnerability by including arbitrary local files via the 'lang2' parameter.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
R2K Gallery v1.7
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36015
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1783
Various Sources mailing-list
x_refsource_vim
http://attrition.org/pipermail/vim/2007-May/001615.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34238
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/23938
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/3902
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25261
Scores
EPSS
0.0372
EPSS Percentile
88.3%
Details
Status
published
Products (1)
r2k/r2k_gallery
1.7
Published
May 13, 2007
Tracked Since
Feb 18, 2026