CVE-2007-5994
yappa-ng 2.3.2 - Remote Code Execution via config[path_src_include] Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in check_noimage.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the config[path_src_include] parameter.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0711-exploits/yappa-ng-rfi.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26398
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39727
Scores
EPSS
0.0123
EPSS Percentile
65.2%
Details
CWE
CWE-94
Status
published
Products (1)
yappa-ng/yappa-ng
2.3.2
Published
Nov 15, 2007
Tracked Since
Feb 18, 2026