Metric | Value |
---|---|
AI Score | 7.6 High (Confidence: Low) |
CVSS2 | 9 High |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
EPSS | 0.009 Low (Percentile: 82.0%) |

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
yapig:yapig | yapig | eq | 0.94u |
yapig:yapig | yapig | eq | 0.93u |
yapig:yapig | yapig | eq | 0.92b |
yapig:yapig | yapig | eq | 0.95 |
yapig:yapig | yapig | le | 0.95b |