PHP Remote File Inclusion Vulnerability in LiveAlbum by LiveAlbum
CVE-2007-5315

Currently unrated

Key Information:

Vendor

Softpedia

Status
Livealbum
Vendor
CVE Published:
9 October 2007

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 61%

What is CVE-2007-5315?

The vulnerability found in LiveAlbum version 0.9.0 concerns a PHP remote file inclusion issue in the common.php file. When the register_globals feature is enabled, remote attackers can exploit this flaw to execute arbitrary PHP code. This can occur through manipulating the livealbum_dir parameter within the script, potentially allowing for severe unauthorized access and control over the affected system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2007-5315 - Proof of Concept

References

http://secunia.com/advisories/27139
third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/3446
vdb-entryx_refsource_VUPEN
https://www.exploit-db.com/exploits/4503
exploitx_refsource_EXPLOIT-DB

EPSS Score

61% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.