Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1227


Vulnerability Score 7.5 7.5
CVE Id CVE-2003-1227
Last Modified 05 Sep 2008 04:36:22
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation.

Vulnerable Systems


  • Gallery Project Gallery 1.4

  • Gallery Project Gallery 1.4 Pl1


BID - 8814

BUGTRAQ - 20031011 Gallery 1.4 including file vulnerability

XF - gallery-indexphp-file-include(13419)

BUGTRAQ - 20031012 Re: Gallery 1.4 including file vulnerability

BUGTRAQ - 20031011 RE: Gallery 1.4 including file vulnerability

Last Updated: 27 May 2016 10:38:17