CVE-2004-1466
CVSS v2.0 severity:
HIGH
Type:
Not available / Other type
Publication date:
31/12/2004
Last modified:
03/04/2025
Description
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute arbitrary scripts before they are deleted, if the temporary directory is under the web root.
Impact
Base score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | To |
|---|---|---|
| cpe:2.3:a:gallery_project:gallery:1.4.4:*:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to solutions, tools and information
- http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0757.html
- http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=134&mode=thread&order=0&thold=0
- http://www.gentoo.org/security/en/glsa/glsa-200409-05.xml
- http://www.securityfocus.com/bid/10968
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17021



