Lucene search

[email protected]CVE-2005-4801

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4801

2005-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

csrf

web security

yapig

php

image gallery

vulnerability

nvd

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php.

CPENameOperatorVersion
yapig:yapigyapigeq0.94u
yapig:yapigyapigeq0.93u
yapig:yapigyapigeq0.92b
yapig:yapigyapigeq0.95
yapig:yapigyapigle0.95b

CPE	Name	Operator	Version
yapig:yapig	yapig	eq	0.94u
yapig:yapig	yapig	eq	0.93u
yapig:yapig	yapig	eq	0.92b
yapig:yapig	yapig	eq	0.95
yapig:yapig	yapig	le	0.95b

References

archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

secunia.com/advisories/17041

securityreason.com/securityalert/79

www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

exchange.xforce.ibmcloud.com/vulnerabilities/22753

7.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.02 Low

EPSS

Percentile

88.8%

JSON