| Vulnerability Name: | CVE-2003-1227 (CCN-13419) | ||||||||
| Assigned: | 2003-10-11 | ||||||||
| Published: | 2003-10-11 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. Note: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Sat Oct 11 2003 - 11:13:00 CDT Gallery 1.4 including file vulnerability Source: MITRE Type: CNA CVE-2003-1227 Source: CCN Type: Gallery Web site Gallery :: your photos on your website Source: CCN Type: OSVDB ID: 2662 Gallery index.php GALLERY_BASEDIR Parameter Remote File Inclusion Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20031011 Gallery 1.4 including file vulnerability Source: BUGTRAQ Type: UNKNOWN 20031011 RE: Gallery 1.4 including file vulnerability Source: BUGTRAQ Type: UNKNOWN 20031012 Re: Gallery 1.4 including file vulnerability Source: BID Type: Exploit, Patch 8814 Source: CCN Type: BID-8814 Gallery index.php Remote File Include Vulnerability Source: XF Type: UNKNOWN gallery-indexphp-file-include(13419) Source: XF Type: UNKNOWN gallery-indexphp-file-include(13419) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||