CVE-2007-2457

PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.

🔗 References (20)

• cve@mitrehttp://osvdb.org/34976
• cve@mitrehttp://pixaria.com/index.history.php
• cve@mitrehttp://secunia.com/advisories/24821
• cve@mitrehttp://www.pixaria.com/news/article/70/
• cve@mitrehttp://www.pixaria.com/news/article/71/
• cve@mitrehttp://www.securityfocus.com/archive/1/465847/100/200/threaded
• cve@mitrehttp://www.securityfocus.com/bid/23489
• cve@mitrehttp://www.vupen.com/english/advisories/2007/1390
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/33662
• cve@mitrehttps://www.exploit-db.com/exploits/3733
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/34976
• af854a3a-2127-422b-91ae-364da2661108http://pixaria.com/index.history.php
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24821
• af854a3a-2127-422b-91ae-364da2661108http://www.pixaria.com/news/article/70/
• af854a3a-2127-422b-91ae-364da2661108http://www.pixaria.com/news/article/71/