9

CVE-2005-4800

Exploit

EPSS 1.93%
Published 31.12.2005 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php.  NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Yapig ≫ Yapig Version <= 0.95b

Yapig ≫ Yapig Version0.92b

Yapig ≫ Yapig Version0.93u

Yapig ≫ Yapig Version0.94u

Yapig ≫ Yapig Version0.95

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.93%	0.826

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Vendor Advisory

Exploit

http://secunia.com/advisories/17041

Vendor Advisory

Exploit

http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Vendor Advisory

Exploit

http://www.osvdb.org/19960

https://exchange.xforce.ibmcloud.com/vulnerabilities/22753

https://nvd.nist.gov/vuln/detail/CVE-2005-4800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4800

EUVD