Lucene search

[email protected]CVE-2012-5304

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-5304

2022-10-0316:15:31

CWE-94

[email protected]

web.nvd.nist.gov

cve-2012-5304

static code injection

vulnerability

yvs image gallery

remote attackers

php code

administration security

installation documentation

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/db_connect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product’s installation documentation.

Affected configurations

NVD

Node

yuriy_v_semenikhinyvs_image_galleryMatch-

CPENameOperatorVersion
yuriy_v_semenikhin:yvs_image_galleryyuriy v semenikhin yvs image galleryeq-

CPE	Name	Operator	Version
yuriy_v_semenikhin:yvs_image_gallery	yuriy v semenikhin yvs image gallery	eq	-

References

www.openwall.com/lists/oss-security/2012/02/27/27

www.openwall.com/lists/oss-security/2012/03/19/12

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

78.7%

JSON

Related for CVE-2012-5304

prion1 nvd1 cvelist1