CVE-2012-5304
YVS Image Gallery - Remote Code Execution via Installation Script
Title source: llmDescription
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/19/12
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/02/27/27
Scores
EPSS
0.0136
EPSS Percentile
68.2%
Details
CWE
CWE-94
Status
published
Products (1)
yuriy_v_semenikhin/yvs_image_gallery
Published
Oct 06, 2012
Tracked Since
Feb 18, 2026