CVE-2003-1489

Truegalerie 1.0 - Unauthenticated Arbitrary File Read via File Cookie

Title source: llm
STIX 2.1

Description

upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_vulnwatch
http://marc.info/?l=vulnwatch&m=105128431109082&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/8683

Scores

EPSS 0.0090
EPSS Percentile 55.2%

Details

CWE
CWE-287
Status published
Products (1)
truegalerie/truegalerie 1.0
Published Dec 31, 2003
Tracked Since Feb 18, 2026