| VID |
21662 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the installed YaPiG has a remote server-side script execution vulnerability. YaPiG (Yet Another PHP Image Gallery) is an open source image gallery written in PHP. YaPiG version 0.92b could allow a remote attacker to upload and execute malicious PHP files because the add_comment.php and functions.php scripts do not properly filter user-supplied input. A remote attacker may be able to upload content that is saved on the server with a '.php' extension. When the attacker requests this file, the PHP engine parses and executes its contents rather than sending them to the client. Successful exploitation of this vulnerability may allow an attacker to execute malicious script code on a vulnerable server.
* Note: This check relies solely on the version number of the YaPiG software installed on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://sourceforge.net/tracker/index.php?func=detail&aid=1007246&group_id=93674&atid=605076 and http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0756.html
* Platforms Affected: SourceForge.net, YaPiG 0.92b; Any operating system, Any version |
| Recommendation |
Upgrade to the latest version of YaPiG (0.92.2 or later), available from the YaPiG home page at http://yapig.sourceforge.net/index.php |
| Related URL |
(CVE) |
| Related URL |
10891 (SecurityFocus) |
| Related URL |
16958 (ISS) |
|