CVE-2001-1234 Information

Description

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Reference

http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz http://www.iss.net/security_center/static/7215.php http://www.osvdb.org/1967 http://www.securityfocus.com/bid/3397