CVE-2012-5304

YVS Image Gallery - Remote Code Execution via Installation Script

Title source: llm
STIX 2.1

Description

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.

References (2)

Core 2
Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/19/12
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/02/27/27

Scores

EPSS 0.0136
EPSS Percentile 68.2%

Details

CWE
CWE-94
Status published
Products (1)
yuriy_v_semenikhin/yvs_image_gallery
Published Oct 06, 2012
Tracked Since Feb 18, 2026