CVE-2001-1234

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Published: Oct 2, 2001
Updated: Apr 13, 2023
CVE: CVE-2001-1234
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
gallery_project / gallery	1.1	1.1.x
gallery_project / gallery	1.2.1	1.2.1.x
gallery_project / gallery	1.2	1.2.x

http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
http://www.iss.net/security_center/static/7215.php
http://www.osvdb.org/1967
http://www.securityfocus.com/bid/3397

Vulnerability Database

289,784

CVE-2001-1234