Gallery index.php远程文件列入漏洞

漏洞信息详情

Gallery index.php远程文件列入漏洞

• CNNVD编号：CNNVD-200312-234
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-1227
  
• 漏洞类型：
  
  
  代码注入
  
• 发布时间：
  
  2003-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-17
  
• 厂        商：
  
  gallery_project
• 漏洞来源：
  .’);”>This vulnerability…

Gallery 1.4和1.4-pl1版本的index.php存在PHP远程文件列入漏洞，当运行在Windows或者Unix上的默认模式时，远程攻击者通过修改GALLERY_BASEDIR参数指向一个恶意的util.php文件从而导致注入任意PHP代码，该漏洞与CVE-2002-1412不同。

The vendor has released an update to address this issue:
Gallery Gallery 1.4

• Gallery 1.4-pl2
  
  http://sf.net/project/showfiles.php?group_id=7130&release_id=184028

Gallery Gallery 1.4 -pl1

• Gallery 1.4-pl2
  
  http://sf.net/project/showfiles.php?group_id=7130&release_id=184028

来源: BID
名称: 8814
链接:http://www.securityfocus.com/bid/8814

来源: BUGTRAQ
名称: 20031011 Gallery 1.4 including file vulnerability
链接:http://www.securityfocus.com/archive/1/341044

来源: XF
名称: gallery-indexphp-file-include(13419)
链接:http://xforce.iss.net/xforce/xfdb/13419

来源: BUGTRAQ
名称: 20031012 Re: Gallery 1.4 including file vulnerability
链接:http://www.securityfocus.com/archive/1/341098

来源: BUGTRAQ
名称: 20031011 RE: Gallery 1.4 including file vulnerability
链接:http://www.securityfocus.com/archive/1/341094