Lucene search

[email protected]CVE-2005-0376

HistoryJan 12, 2005 - 5:00 a.m.

CVE-2005-0376

2005-01-1205:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

information security

vulnerability

php

remote file inclusion

sgallery 1.01

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.

CPENameOperatorVersion
sergey_kiselev:sgallerysergey kiselev sgalleryeq1.01

CPE	Name	Operator	Version
sergey_kiselev:sgallery	sergey kiselev sgallery	eq	1.01

References

lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html

marc.info/?l=bugtraq&m=110557050700947&w=2

secunia.com/advisories/13824

securitytracker.com/id?1012868

www.waraxe.us/advisory-39.html

exchange.xforce.ibmcloud.com/vulnerabilities/18878

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.025 Low

EPSS

Percentile

89.9%

JSON