Summary
The remote web server contains a PHP application that is affected by multiple flaws.
Description
The remote host is running YaPiG, a web-based image gallery written in PHP.
The installed version of YaPiG is affected by multiple flaws:
- Remote and local file inclusion.
- Cross-site scripting and HTML injection flaws through 'view.php'.
- Directory traversal flaw through 'upload.php'.
Solution
Update to YaPiG 0.95b or later.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2005-1881, CVE-2005-1882, CVE-2005-1883, CVE-2005-1884, CVE-2005-1885, CVE-2005-1886
CVSS Base Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P