CVE-2003-1227

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.

Published: Dec 31, 2003
Updated: Apr 13, 2023
CVE: CVE-2003-1227
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
gallery_project / gallery	1.4_pl1	1.4_pl1.x
gallery_project / gallery	1.4	1.4.x

http://www.securityfocus.com/archive/1/341044
http://www.securityfocus.com/archive/1/341094
http://www.securityfocus.com/archive/1/341098
http://www.securityfocus.com/bid/8814
https://exchange.xforce.ibmcloud.com/vulnerabilities/13419

Vulnerability Database

289,697

CVE-2003-1227