CVE-2004-2124
Gallery 1.3.1-1.4.1 - Remote File Inclusion via GALLERY_BASEDIR Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2124. PoCs published by Bharat Mediratta.
AI-analyzed exploit summary: The writeup describes a vulnerability in Gallery where improper simulation of register_globals allows overwriting global variables, leading to arbitrary PHP file inclusion via the 'GALLERY_BASEDIR' parameter.
Description
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.