Lucene search

[email protected]CVE-2001-1234

HistoryOct 02, 2001 - 4:00 a.m.

CVE-2001-1234

2001-10-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2001-1234

bharat mediratta

gallery php

execution of arbitrary code

includedir-variable

nvd

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

CPENameOperatorVersion
gallery_project:gallerygallery project galleryeq1.1
gallery_project:gallerygallery project galleryeq1.2.1
gallery_project:gallerygallery project galleryeq1.2

CPE	Name	Operator	Version
gallery_project:gallery	gallery project gallery	eq	1.1
gallery_project:gallery	gallery project gallery	eq	1.2.1
gallery_project:gallery	gallery project gallery	eq	1.2

References

archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz

www.iss.net/security_center/static/7215.php

www.osvdb.org/1967

www.securityfocus.com/bid/3397

8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.027 Low

EPSS

Percentile

90.3%

JSON

Related for CVE-2001-1234

nessus1