Metric | Value |
---|---|
CVSS2 | 9 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
AI Score | 7.2 High |
AI Score Confidence | Low |
EPSS | 0.009 Low |
EPSS Percentile | 82.3% |

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
yapig:yapig | yapig | le | 0.95b |
yapig:yapig | yapig | eq | 0.92b |
yapig:yapig | yapig | eq | 0.93u |
yapig:yapig | yapig | eq | 0.94u |
yapig:yapig | yapig | eq | 0.95 |