CVE-2005-4800

Published: Dec 31, 2005Modified: Apr 16, 2026

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Exploitability: 8.0 / Impact: 10.0

Source: NVD

Description

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Affected (5)

Products: Yapig: Yapig

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Yapig Yapig	Up to 0.95b
Yapig Yapig	Version 0.92b
Yapig Yapig	Version 0.93u
Yapig Yapig	Version 0.94u
Yapig Yapig	Version 0.95

References (10)

http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/17041

Source: cve@mitre.org

ExploitVendor Advisory

http://www.osvdb.org/19960

Source: cve@mitre.org

http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Source: cve@mitre.org

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22753

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://secunia.com/advisories/17041

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.osvdb.org/19960

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/22753

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.