CVE-2002-1412
Published 2003-04-11
CVE-2002-1412: Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that…
Priority P3 · 42 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 39.50% (98.4th percentile)
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gallery_project | gallery | <= 1.3.1 | — |
| gallery_project | gallery | — | — |
| gallery_project | gallery | — | — |
| gallery_project | gallery | — | — |
| gallery_project | gallery | — | — |
| gallery_project | gallery | — | — |
| gallery_project | gallery | — | — |
GHSA-9gvv-93c9-r576 · CVE-2002-1412 [HIGH] · ghsa_unreviewed · 2022-04-30
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
GHSA-f4p5-2pxq-w62g · CVE-2004-2124 [HIGH] · ghsa_unreviewed · 2022-04-29 · CVSS 7.5
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
GHSA-74q5-9hvp-962c · CVE-2003-1227 [HIGH] CWE-94 · ghsa_unreviewed · 2022-04-29 · CVSS 7.5
PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
http://www.debian.org/security/2002/dsa-138
http://www.securityfocus.com/bid/5375
https://exchange.xforce.ibmcloud.com/vulnerabilities/9737
Published: 2003-04-11