Vulnerability Name:
CVE-2001-1234 (CCN-7215)
Assigned:
2001-10-02
Published:
2001-10-02
Updated:
2008-09-05
Summary:
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
CVSS v3 Severity:
7.3 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availibility (A):
Low
CVSS v2 Severity:
7.5 High
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
7.5 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Gain Privileges
References:
Source: BUGTRAQ
Type: UNKNOWN
20011002 results of semi-automatic source code audit
Source: CCN
Type: BugTraq Mailing List, Tue Oct 02 2001 - 16:59:09 CDT
results of semi-automatic source code audit
Source: MITRE
Type: CNA
CVE-2001-1048
Source: MITRE
Type: CNA
CVE-2001-1049
Source: MITRE
Type: CNA
CVE-2001-1050
Source: MITRE
Type: CNA
CVE-2001-1051
Source: MITRE
Type: CNA
CVE-2001-1052
Source: MITRE
Type: CNA
CVE-2001-1054
Source: MITRE
Type: CNA
CVE-2001-1234
Source: MITRE
Type: CNA
CVE-2001-1235
Source: MITRE
Type: CNA
CVE-2001-1236
Source: MITRE
Type: CNA
CVE-2001-1237
Source: MITRE
Type: CNA
CVE-2001-1296
Source: MITRE
Type: CNA
CVE-2001-1297
Source: MITRE
Type: CNA
CVE-2001-1298
Source: MITRE
Type: CNA
CVE-2001-1299
Source: CCN
Type: Empris Web site
Empris
Source: CCN
Type: AWOL Web site
Project details for AWOL
Source: CCN
Type: Webodex Web site
Webodex
Source: CCN
Type: myphpPagetool Web site
Welcome to myphpPagetool
Source: CCN
Type: Phorecast Web site
What is Phorecast?
Source: CONFIRM
Type: UNKNOWN
http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
Source: CCN
Type: SourceForge.net
Project: SIPS
Source: CCN
Type: CCCSoftware Web site
CCC
Source: XF
Type: Patch, Vendor Advisory
php-includedir-code-execution(7215)
Source: CCN
Type: US-CERT VU#847803
Php variables passed from the browser are stored in global context
Source: CCN
Type: more.groupware Web site
latest news
Source: OSVDB
Type: UNKNOWN
1967
Source: CCN
Type: OSVDB ID: 13058
Empris includedir Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 13059
CCCSoftware CCC includedir Remote File Inclusion
Source: CCN
Type: OSVDB ID: 13060
Dark Hart Portal darkportal includedir Remote File Inclusion
Source: CCN
Type: OSVDB ID: 13090
Webodex CGI Script Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1959
AWOL helperfunction.php includedir Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1960
Actionpoll includedir Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1961
ZorbStats includedir Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1962
Phorecast Arbitrary File Inclusion
Source: CCN
Type: OSVDB ID: 1963
phpAdsNew helperfunction.php Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1964
Phormation phormationdir Arbitrary File Inclusion
Source: CCN
Type: OSVDB ID: 1965
myphpPagetool helperfunction.php includedir Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1966
pSlash includedir Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 1967
Bharat Mediratta Gallery includedir Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 35356
ActionPoll actionpoll.php CONFIG_POLLDB Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 35357
ActionPoll db/DataReaderWriter.php CONFIG_DB Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 37417
ActionPoll db/PollDB.php CONFIG_DATAREADERWRITER Parameter Remote File Inclusion
Source: CCN
Type: OSVDB ID: 5433
More.groupware Remote File Inclusion
Source: CCN
Type: PeaceWorks Computer Consulting Web site
Phormation
Source: CCN
Type: pSlash Web site
pSlash Web Portal System
Source: CCN
Type: BID-3383
Marc Logemann More.groupware Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3384
Actionpoll Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3385
Grant Horwood Webodex Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3386
Zorbat ZorbStats Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3387
AWOL Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3388
Paul M. Jones Phorecast Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3389
CCC Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3390
Dark Hart Portal Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3391
Empris Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3392
PHPAdsNew Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3393
Peaceworks Computer Consulting Phormation Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3394
Sebastian Bunka myphpPagetool Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3395
Derek Leung pSlash Remote Arbitrary Code Execution Vulnerability
Source: CCN
Type: BID-3396
Haakon Nilsen SIPS Remote Arbitrary Code Execution Vulnerability
Source: BID
Type: Exploit, Vendor Advisory
3397
Source: CCN
Type: BID-3397
Bharat Mediratta Gallery Remote Arbitrary Code Execution Vulnerability
Source: XF
Type: UNKNOWN
php-includedir-code-execution(7215)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:gallery_project:gallery:1.1:*:*:*:*:*:*:*
OR
cpe:/a:gallery_project:gallery:1.2:*:*:*:*:*:*:*
OR
cpe:/a:gallery_project:gallery:1.2.1:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:grant_horwood:webodex:1.0:*:*:*:*:*:*:*
OR
cpe:/a:zorbat:zorbstats:0.8:*:*:*:*:*:*:*
OR
cpe:/a:cccsoftware:ccc:1.03:*:*:*:*:*:*:*
OR
cpe:/a:emergenices_personnel_information_system:empris:0.4:*:*:*:*:*:*:*
OR
cpe:/a:peaceworks_computer_consulting:phormation:0.9.1:*:*:*:*:*:*:*
OR
cpe:/a:derek_leung:pslash:0.70:*:*:*:*:*:*:*
OR
cpe:/a:gallery:gallery:1.2.1:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
gallery_project
gallery 1.1
gallery_project
gallery 1.2
gallery_project
gallery 1.2.1
grant_horwood
webodex 1.0
zorbat
zorbstats 0.8
cccsoftware
ccc 1.03
emergenices_personnel_information_system
empris 0.4
peaceworks_computer_consulting
phormation 0.9.1
derek_leung
pslash 0.70
gallery
gallery 1.2.1
Denotes that component is vulnerable