Vulnerability Description
Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName parameter, as demonstrated by injecting PHP code into a template file.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ggcms | Ggcms | 1.1.0_rc1 |
References
- http://osvdb.org/35849
- http://www.securityfocus.com/bid/22412 (Exploit, Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/0492
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32211
- https://www.exploit-db.com/exploits/3271
FAQ
What is CVE-2007-0804?
CVE-2007-0804 is a vulnerability with a CVSS score of 7.5 (HIGH). Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 RC1 and earlier allows remote attackers to inject arbitrary PHP code into arbitrary files via ".." sequences in the subpageName p...
How severe is CVE-2007-0804?
CVE-2007-0804 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-0804?
Check the references section above for vendor advisories and patch information. Affected products include: Ggcms Ggcms.