Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2005-4800

Published: Dec 31, 2005 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2005-4800
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Affected Software

Name Vendor Start Version End Version
Yapig Yapig * 0.95b (including)
Yapig Yapig 0.92b (including) 0.92b (including)
Yapig Yapig 0.93u (including) 0.93u (including)
Yapig Yapig 0.94u (including) 0.94u (including)
Yapig Yapig 0.95 (including) 0.95 (including)

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use