CVE-2001-1234

Опубликовано: 02 окт. 2001

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
http://www.iss.net/security_center/static/7215.php
Patch
Vendor Advisory
http://www.osvdb.org/1967
http://www.securityfocus.com/bid/3397
Exploit
Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
http://www.iss.net/security_center/static/7215.php
Patch
Vendor Advisory
http://www.osvdb.org/1967
http://www.securityfocus.com/bid/3397
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallery_project:gallery:1.1:*:*:*:*:*:*:*

cpe:2.3:a:gallery_project:gallery:1.2:*:*:*:*:*:*:*

cpe:2.3:a:gallery_project:gallery:1.2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03889

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cqpc-88mw-jh7w

github

больше 3 лет назад