Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1466

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-1466
Last Modified 05 Sep 2008 04:41:28
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1466

Summary

The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.

Vulnerable Systems

Application

  • Gallery Project Gallery 1.4.4


References

BID - 10968

GENTOO - GLSA-200409-05

CONFIRM - http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0

XF - gallery-savephotos-file-upload(17021)

FULLDISC - 20040817 Gallery 1.4.4 save_photos.php PHP Insertion Proof of Concept


Last Updated: 27 May 2016 10:39:02