Published: 01/06/2010 Updated: 17/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery 3.1.5 allow remote malicious users to execute arbitrary PHP code via a URL in the cfg_admin_path parameter to (1) index.php, (2) view.php, (3) image.php, (4) search.php, (5) admin/index.php, (6) admin/gallery/index.php, (7) admin/gallery/view.php, (8) admin/gallery/gallery.php, (9) admin/gallery/image.php, and (10) admin/gallery/crop.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
snipegallery snipe gallery 3.1.5

source: wwwsecurityfocuscom/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process This ma ...

source: wwwsecurityfocuscom/bid/40279/info Snipe Gallery is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process This ...

CWE-94 http://www.securityfocus.com/bid/40279 http://eidelweiss-advisories.blogspot.com/2010/04/snipegallery-315-multiple-remote-file.html http://packetstormsecurity.org/1004-exploits/snipegallery-rfi.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/58806 https://nvd.nist.gov https://www.exploit-db.com/exploits/34016/

CVE-2010-2126

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect