Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2004-2124
HistoryMay 27, 2005 - 4:00 a.m.

CVE-2004-2124

2005-05-2704:00:00
mitre
web.nvd.nist.gov
41
gallery
register_globals
simulation
php
remote file inclusion
vulnerability

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.192

Percentile

96.4%

JSON

The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.

Affected configurations

Nvd
Node
gallery_projectgalleryMatch1.3.1
OR
gallery_projectgalleryMatch1.3.2
OR
gallery_projectgalleryMatch1.3.3
OR
gallery_projectgalleryMatch1.4
OR
gallery_projectgalleryMatch1.4.1
VendorProductVersionCPE
gallery_projectgallery1.3.1cpe:2.3:a:gallery_project:gallery:1.3.1:*:*:*:*:*:*:*
gallery_projectgallery1.3.2cpe:2.3:a:gallery_project:gallery:1.3.2:*:*:*:*:*:*:*
gallery_projectgallery1.3.3cpe:2.3:a:gallery_project:gallery:1.3.3:*:*:*:*:*:*:*
gallery_projectgallery1.4cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*
gallery_projectgallery1.4.1cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*

Related

openvas 6
cvelist 3
nvd 3
exploitdb 2
nessus 3
freebsd 1
canvas 1
checkpoint_advisories 1
osv 1
cve 2
openvas
openvas
FreeBSD Ports: gallery
2008-09-04 00:00:00
FreeBSD Ports: gallery
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200402-04 (Gallery)
2008-09-24 00:00:00
cvelist
cvelist
CVE-2004-2124
2005-05-27 04:00:00
CVE-2002-1412
2004-09-01 04:00:00
CVE-2003-1227
2005-08-16 04:00:00
nvd
nvd
CVE-2004-2124
2004-12-31 05:00:00
CVE-2002-1412
2003-04-11 04:00:00
CVE-2003-1227
2003-12-31 05:00:00
exploitdb
exploitdb
Gallery 1.3.x/1.4 - Remote Global Variable Injection
2004-01-26 00:00:00
Bharat Mediratta Gallery 1.x - Remote File Inclusion
2002-08-01 00:00:00
nessus
nessus
Gallery HTTP Global Variables File Inclusion
2004-01-29 00:00:00
FreeBSD : gallery -- remote code injection via HTTP_POST_VARS (12b1a62d-6056-4d90-9e21-45fcde6abae4)
2005-07-13 00:00:00
Debian DSA-138-1 : gallery - remote exploit
2004-09-29 00:00:00
freebsd
freebsd
gallery -- remote code injection via HTTP_POST_VARS
2004-01-27 00:00:00
canvas
canvas
Immunity Canvas: GALLERY1_INCLUDE
2003-04-11 04:00:00
checkpoint_advisories
checkpoint_advisories
Bharat Mediratta Gallery captionator.php GALLERY_BASEDIR Parameter PHP Code Execution - Ver2 (CVE-2002-1412)
2014-03-31 00:00:00
osv
osv
gallery - remote exploit
2002-08-01 00:00:00
cve
cve
CVE-2002-1412
2004-09-01 04:00:00
CVE-2003-1227
2005-08-16 04:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.192

Percentile

96.4%

JSON
Related for CVE-2004-2124
openvas6cvelist3nvd3exploitdb2nessus3freebsd1canvas1checkpoint_advisories1osv1cve2