CVE-2004-2124

Published: Dec 31, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.

Affected (5)

Products: Gallery Project: Gallery

Gallery Project

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Gallery Project Gallery	Version 1.3.1
Gallery Project Gallery	Version 1.3.2
Gallery Project Gallery	Version 1.3.3
Gallery Project Gallery	Version 1.4.1
Gallery Project Gallery	Version 1.4

References (14)

http://gallery.menalto.com/modules.php?op=modload&name=News&file=index

Source: cve@mitre.org

Patch

http://marc.info/?l=bugtraq&m=107524414317693&w=2

Source: cve@mitre.org

http://secunia.com/advisories/10712/

Source: cve@mitre.org

http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml

Source: cve@mitre.org

http://www.osvdb.org/3737

Source: cve@mitre.org

http://www.securityfocus.com/bid/9490

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/14950

Source: cve@mitre.org

http://gallery.menalto.com/modules.php?op=modload&name=News&file=index

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://marc.info/?l=bugtraq&m=107524414317693&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/10712/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/3737

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/9490

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/14950

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.