CVE-2003-1489

Truegalerie - Authentication Bypass

Title source: rule

Description

upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.

References (2)

[Mailing List] http://marc.info/?l=vulnwatch&m=105128431109082&w=2

[Vendor Advisory] http://secunia.com/advisories/8683

Scores

EPSS 0.0024

EPSS Percentile 47.5%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

truegalerie/truegalerie

Timeline

Published Dec 31, 2003

Tracked Since Feb 18, 2026