CVE-2007-2793
Published 2007-05-22
Priority: P3 (56)
Severity: high, CVSS 2.0 base score 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Public exploit: available (Exploit-DB 3946)
EPSS: 64.50% (99.1th percentile)
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| geeklog | geeklog | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP requests to ImageImageMagick.php whose glConf[path_system] parameter carries a URL-like value (a stream wrapper such as http://, ftp:// or data://); this indicates a remote file inclusion attempt. Match the parameter name in both its raw and URL-encoded forms (glConf[path_system] and glConf%5Bpath_system%5D) and compare the scheme case-insensitively.
- The vulnerable code is on line 3 of ImageImageMagick.php: `require $glConf['path_system'] . 'BaseImage.php';`. Monitor for unsanitized user-controlled input passed to require/include statements.
- Use the Google dork "Powered By Geeklog" to identify potentially vulnerable Geeklog 2.x installations exposed on the internet.
- The RFI is only exploitable when PHP's allow_url_fopen is On (the default); disabling it in php.ini mitigates the vulnerability. On PHP 5.2.0 and later, include/require of a URL additionally requires allow_url_include=On, which defaults to Off, so allow_url_fopen alone is not sufficient on those versions.
- Direct access to ImageImageMagick.php must be possible for exploitation; adding a PHP_SELF check to kill direct access is a recommended code-level mitigation. A request parameter named glConf[path_system] only ends up in the script's local $glConf array when register_globals is On, so register_globals=Off also closes this path.
No detection rules found.
No writeups or analysis indexed.
References
- http://osvdb.org/37947
- http://www.securityfocus.com/bid/24031
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34351
- https://www.exploit-db.com/exploits/3946