CVE-2002-1412
Gallery < 1.3.1 - Remote Code Execution via GALLERY_BASEDIR Manipulation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1412. PoCs published by PowerTech.
AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in Gallery by manipulating the 'GALLERY_BASEDIR' parameter to include arbitrary remote files. The attack is straightforward, requiring only a crafted URL to exploit the vulnerability.
Description
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
Exploits (1)
This exploit leverages a file inclusion vulnerability in Gallery by manipulating the 'GALLERY_BASEDIR' parameter to include arbitrary remote files. The attack is straightforward, requiring only a crafted URL to exploit the vulnerability.