CVE Vulnerabilities

CVE-2005-4800

Published: Dec 31, 2005 | Modified: Jul 20, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Affected Software

Name Vendor Start Version End Version
Yapig Yapig 0.94u 0.94u
Yapig Yapig 0.93u 0.93u
Yapig Yapig 0.92b 0.92b
Yapig Yapig 0.95 0.95
Yapig Yapig * 0.95b

References