9

CVE-2005-4800

Exploit

EPSS 1.93%
Veröffentlicht 31.12.2005 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php.  NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yapig ≫ Yapig Version <= 0.95b

Yapig ≫ Yapig Version0.92b

Yapig ≫ Yapig Version0.93u

Yapig ≫ Yapig Version0.94u

Yapig ≫ Yapig Version0.95

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.93%	0.826

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Vendor Advisory

Exploit

http://secunia.com/advisories/17041

Vendor Advisory

Exploit

http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Vendor Advisory

Exploit

http://www.osvdb.org/19960

https://exchange.xforce.ibmcloud.com/vulnerabilities/22753

https://nvd.nist.gov/vuln/detail/CVE-2005-4800

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-4800

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-4800

EUVD