CVE-2008-6318

Phpmygallery - Code Injection

Title source: rule

Description

PHP remote file inclusion vulnerability in _conf/_php-core/common-tpl-vars.php in PHPmyGallery 1.5 beta allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter, a different vector than CVE-2008-6317.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CoBRa_21 · textwebappsphp

https://www.exploit-db.com/exploits/7399

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32723

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7399

Scores

EPSS 0.0368

EPSS Percentile 88.0%

Details

CWE

CWE-94

Status published

Products (1)

phpmygallery/phpmygallery 1.5 beta

Published Feb 27, 2009

Tracked Since Feb 18, 2026