cbcvebase.
CVE-2007-2793
published 2007-05-22

CVE-2007-2793: PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the…

PriorityP356high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
64.50%
99.1th percentile
PHP remote file inclusion vulnerability in ImageImageMagick.php in Geeklog 2.x allows remote attackers to execute arbitrary PHP code via a URL in the glConf[path_system] parameter.

Affected

1 ranges
VendorProductVersion rangeFixed in
geekloggeeklog

Detection & IOCsextracted from sources · hover to see the quote

path/system/ImageImageMagick.php
filenameImageImageMagick.php
  • Detect HTTP requests to ImageImageMagick.php containing a URL-like value in the glConf[path_system] parameter, indicating remote file inclusion attempt.
  • The vulnerable code is on line 3 of ImageImageMagick.php: `require $glConf['path_system'] . 'BaseImage.php';` — monitor for unsanitized user-controlled input passed to require/include statements.
  • Use the Google dork 'Powered By Geeklog' to identify potentially vulnerable Geeklog 2.x installations exposed on the internet.
  • ·The RFI is only exploitable when PHP's allow_url_fopen is set to On (the default); disabling it in php.ini mitigates the vulnerability.
  • ·Direct access to ImageImageMagick.php must be possible for exploitation; adding a PHP_SELF check to kill direct access is a recommended code-level mitigation.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.