Lucene search
MitreCVE-2004-1466HistoryFeb 13, 2005 - 5:00 a.m.
CVE-2004-1466
2005-02-1305:00:00
mitre
web.nvd.nist.gov
26
information security
vulnerability
cve-2004-1466
gallery
set_time_limit
remote attackers
file deletion
temporary directory
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.1
Percentile
94.9%
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
Affected configurations
Node
gallery_projectgalleryMatch1.4.4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gallery_project | gallery | 1.4.4 | cpe:2.3:a:gallery_project:gallery:1.4.4:*:*:*:*:*:*:* |
References
Related
nessus
nessus
GLSA-200409-05 : Gallery: Arbitrary command execution
2004-09-03 00:00:00
Gallery save_photos.php Arbitrary Command Execution
2004-08-22 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200409-05 (Gallery)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200409-05 (Gallery)
2008-09-24 00:00:00
exploitdb
exploitdb
Gallery 1.4.4 - Remote Server-Side Script Execution
2004-07-17 00:00:00
cvelist
cvelist
CVE-2004-1466
2005-02-13 05:00:00
gentoo
gentoo
Gallery: Arbitrary command execution
2004-09-02 00:00:00
nvd
nvd
CVE-2004-1466
2004-12-31 05:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.3
Confidence
Low
EPSS
0.1
Percentile
94.9%
Related for CVE-2004-1466