FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gallery -- remote code injection via HTTP_POST_VARS

Affected packages
gallery < 1.4.1.1

Details

VuXML ID 12b1a62d-6056-4d90-9e21-45fcde6abae4
Discovery 2004-01-27
Entry 2005-06-17

A web server running Gallery can be exploited for arbitrary PHP code execution through the use of a maliciously crafted URL.

References

CVE Name CVE-2004-2124
Message 0c0a01c3e525$1c0ed2b0$c90c030a@bmedirattatg