Skip to main content

CVE-2005-4800

Severity High
Score 9/10

Summary

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

  • LOW
  • NETWORK
  • SINGLE
  • COMPLETE
  • COMPLETE
  • COMPLETE

References

Advisory Timeline

  • Published