CVE-2003-1227 Information

Description

PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1 when running on Windows or in Configuration mode on Unix allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation or if the administrator has not run a security script after installation.

Reference

http://www.securityfocus.com/archive/1/341044 http://www.securityfocus.com/archive/1/341094 http://www.securityfocus.com/archive/1/341098 http://www.securityfocus.com/bid/8814 https://exchange.xforce.ibmcloud.com/vulnerabilities/13419