CVE-2003-1489
Truegalerie 1.0 - Unauthenticated Arbitrary File Read via File Cookie
Title source: llmDescription
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_vulnwatch
http://marc.info/?l=vulnwatch&m=105128431109082&w=2
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/8683
Scores
EPSS
0.0090
EPSS Percentile
55.2%
Details
CWE
CWE-287
Status
published
Products (1)
truegalerie/truegalerie
1.0
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026