Description
PHP remote file inclusion vulnerability in check_entry.php in Ralf Image Gallery (RIG), aka Raphael Moll RIG Image Gallery, 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir_abs_src parameter. NOTE: this issue is disputed by multiple third parties, who report that the product exits if register_globals is enabled, thereby blocking exploitation. NOTE: CVE-2006-3210.a covers this issue in versions before 1.0
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Aesthetico · textwebappsphp
https://www.exploit-db.com/exploits/1942
References (8)
Core 8
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/2938
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001747.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/475094/100/0/threaded
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001748.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/46973
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35689
Third Party Advisory mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001749.html
Exploit mailing-list
x_refsource_vim
http://www.attrition.org/pipermail/vim/2007-July/001743.html
Scores
EPSS
0.1192
EPSS Percentile
93.8%
Details
Status
published
Products (1)
le_ralf/ralf_image_gallery
1.0
Published
Aug 01, 2007
Tracked Since
Feb 18, 2026