CVE-2007-1164: Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter.


Description Preview

This CVE covers multiple PHP remote file inclusion weaknesses in DBImageGallery version 1.2.2. An attacker can cause arbitrary PHP code execution by supplying a URL in the donsimg_base_path parameter to various scripts located under admin/ (attributes.php, images.php, scan.php) or includes/ (attributes.php, db_utils.php, images.php, utils.php, values.php). The vulnerabilities enable remote inclusion of attacker-controlled PHP files, leading to remote code execution on the affected server. The issues were publicly disclosed in early 2007.

Overview

DBImageGallery 1.2.2 contains several PHP remote file inclusion flaws that permit an attacker to run arbitrary PHP code by passing a URL in the donsimg_base_path parameter to specific scripts in the admin/ and includes/ directories. The vulnerable scripts include admin/attributes.php, admin/images.php, admin/scan.php, as well as includes/attributes.php, includes/db_utils.php, includes/images.php, includes/utils.php, and includes/values.php. This class of vulnerability, remote file inclusion, can be exploited to execute attacker-supplied PHP on the server, potentially taking full control of the affected system.

Remediation

  • Upgrade to the latest patched version of DBImageGallery that fixes the remote file inclusion vulnerabilities. If an official patch is not available, consider removing or disabling the affected functionality or migrating to a supported replacement.
  • Sanitize and validate all inputs used in file inclusion logic. Specifically, never use user-supplied URLs or paths for including scripts; enforce a strict whitelist of local script names and reject remote paths for any include/require operation.
  • Disable PHP features that enable remote file inclusion where not required, by setting in php.ini: allow_url_include = Off and, if possible, allow_url_fopen = Off or restrict its use to trusted contexts.
  • Implement additional code hardening: resolve includes using explicit local paths, validate realpath of included files, and avoid constructing paths from untrusted input.
  • Deploy a Web Application Firewall (WAF) or IDS/IPS rules to detect and block remote inclusion attempts targeting the affected parameters and scripts.
  • Conduct a targeted security review and testing in a staging environment to verify that the remediation is effective and that legitimate functionality is preserved.
  • If the project is no longer maintained or patches are unavailable, consider removing the vulnerable plugin/module or replacing it with a supported alternative.
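The following is an added example, not DBImageGallery's own code: it reconstructs the include pattern the advisory describes (a base path taken from the donsimg_base_path request parameter) and places a hardened resolver beside it that applies the whitelist, realpath and php.ini checks listed above. The script names in the whitelist, the install-root layout and the function names are assumptions for illustration.

```php
<?php
// VULNERABLE (illustrative reconstruction of the advisory's bug class):
// the include base path comes straight from the request. With
// allow_url_include=On, a URL in donsimg_base_path becomes a remote include.
function vulnerable_include_path(array $request): string
{
    $base = $request['donsimg_base_path'] ?? './';
    return $base . 'includes/utils.php';
}

// HARDENED: the request never influences the base path; only a whitelisted
// script name is accepted, and the resolved file must live under the install
// root (realpath collapses "..", symlinks and relative components).
function safe_include_path(string $installRoot, string $script): ?string
{
    // Assumed whitelist of scripts this entry point may load.
    static $allowed = ['utils.php', 'db_utils.php', 'images.php', 'attributes.php', 'values.php'];
    if (!in_array($script, $allowed, true)) {
        return null;
    }
    $root = realpath($installRoot);
    if ($root === false) {
        return null;
    }
    $candidate = realpath($root . DIRECTORY_SEPARATOR . 'includes' . DIRECTORY_SEPARATOR . $script);
    if ($candidate === false) {
        return null; // file does not exist; do not fall back to anything
    }
    // Reject anything that resolved outside the install root.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // realpath never returns a URL, but be explicit about stream wrappers.
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $candidate)) {
        return null;
    }
    return $candidate;
}

// Defence in depth: refuse to include anything while the interpreter still
// permits remote includes (allow_url_include should be Off in php.ini).
function remote_include_disabled(): bool
{
    return !filter_var(ini_get('allow_url_include'), FILTER_VALIDATE_BOOLEAN);
}

$root = __DIR__; // assumed: this file sits in the application root
$path = safe_include_path($root, 'utils.php');
if ($path !== null && remote_include_disabled()) {
    require_once $path;
}
```

Because the hardened resolver ignores the request parameter entirely, a `donsimg_base_path` value of any kind (URL, absolute path, traversal sequence) has no effect on which file is loaded.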

References

  • OSVDB 34944: http://osvdb.org/34944
  • Exploit-DB 3353: https://www.exploit-db.com/exploits/3353
  • ADV-2007-0692 (VUPEN): http://www.vupen.com/english/advisories/2007/0692
  • OSVDB 34943: http://osvdb.org/34943
  • OSVDB 34940: http://osvdb.org/34940
  • 20070305 Re: Remote File Include In DBImageGallery: http://www.securityfocus.com/archive/1/462142/100/0/threaded
  • OSVDB 34937: http://osvdb.org/34937
  • BID 22657: http://www.securityfocus.com/bid/22657
  • DBImageGallery - donsimg file include (32612): https://exchange.xforce.ibmcloud.com/vulnerabilities/32612
  • 20070302 Remote File Include In DBImageGallery: http://www.securityfocus.com/archive/1/461741/100/0/threaded
  • OSVDB 34942: http://osvdb.org/34942
  • OSVDB 34938: http://osvdb.org/34938
  • OSVDB 34939: http://osvdb.org/34939
  • OSVDB 34941: http://osvdb.org/34941

Industry Exposure (most to least)

This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Accommodation & Food Services: Low
  2. Administrative, Support, Waste Management & Remediation Services: Low
  3. Agriculture, Forestry, Fishing & Hunting: Low
  4. Arts, Entertainment & Recreation: Low
  5. Construction: Low
  6. Educational Services: Low
  7. Finance and Insurance: Low
  8. Health Care & Social Assistance: Low
  9. Information: Low
  10. Management of Companies & Enterprises: Low
  11. Manufacturing: Low
  12. Mining: Low
  13. Other Services (except Public Administration): Low
  14. Professional, Scientific, & Technical Services: Low
  15. Public Administration: Low
  16. Real Estate Rental & Leasing: Low
  17. Retail Trade: Low
  18. Transportation & Warehousing: Low
  19. Utilities: Low
  20. Wholesale Trade: Low
