Sergey Kiselev : Security vulnerabilities, CVEs

Copy

CVE-2005-0377

SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters.

Max CVSS

7.5

EPSS Score

1.57%

Published

2005-05-02

Updated

2017-07-11

CVE-2005-0376

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.

Max CVSS

7.5

EPSS Score

2.48%

Published

2005-01-12

Updated

2017-07-11

CVE-2005-0375

imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function.

Max CVSS

5.0

EPSS Score

0.62%

Published

2005-05-02

Updated

2017-07-11

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!