Description
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
Exploits (1)
References (5)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13419
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8814
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/341098
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/341094
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/341044
Scores
EPSS: 0.0574
EPSS Percentile: 90.5%
Details
CWE: CWE-94
Status: published
Products (2):
gallery_project/gallery 1.4
gallery_project/gallery 1.4_pl1
Published: Dec 31, 2003
Tracked Since: Feb 18, 2026