Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and previous versions allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yapig yapig 0.95 |
||
yapig yapig |
||
yapig yapig 0.92b |
||
yapig yapig 0.93u |
||
yapig yapig 0.94u |