Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4801
Last Modified: 05 Sep 2008 04:57:52
Published: 31 Dec 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4801

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator into accessing a web page that performs a mod_info action in modify_gallery.php.

Vulnerable Systems

Application

  • Yapig 0.92b
  • Yapig 0.93u
  • Yapig 0.94u
  • Yapig 0.95
  • Yapig 0.95b


References

XF - yapig-http-post-privilege-escalation(22753)

MISC - http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

SECUNIA - 17041

BUGTRAQ - 20051013 Yapig: XSS / Code Injection Vulnerability

SREASON - 79


Last Updated: 27 May 2016 10:41:26