Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0376

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0376
Last Modified 05 Sep 2008 04:46:07
Published 12 Jan 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0376

Summary

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.

Vulnerable Systems

Application

  • Sergey Kiselev Sgallery 1.01


References

XF - sgallery-file-include(18878)

MISC - http://www.waraxe.us/advisory-39.html

SECTRACK - 1012868

SECUNIA - 13824

BUGTRAQ - 20050112 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke


Last Updated: 27 May 2016 10:39:46