The register_globals simulation capability in Gallery 1.3.1 up to and including 1.4.1 allows remote malicious users to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gallery project gallery 1.4.1 |
||
gallery project gallery 1.3.1 |
||
gallery project gallery 1.3.2 |
||
gallery project gallery 1.3.3 |
||
gallery project gallery 1.4 |