Gallo 'gfw_smarty.php' Remote File Include Vulnerability Network Vulnerability

Summary

Gallo is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. Gallo 0.1.0 is vulnerable other versions may also be affected.

References

http://sourceforge.net/projects/gallo/
http://www.securityfocus.com/bid/39890

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1737

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

aeNovo Database Content Disclosure Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Tiles Multiple XSS Vulnerability
Apache mod_proxy_ftp Wildcard Characters XSS Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability

Take action and discover your vulnerabilities