CVE-2005-4800

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:yapig:yapig:0.95:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:*:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*

Information

Published : 2005-12-30 21:00

Updated : 2017-07-19 18:29


NVD link : CVE-2005-4800

Mitre link : CVE-2005-4800


JSON object : View

Advertisement

dedicated server usa

Products Affected

yapig

  • yapig