Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gallery远程全局变量注入漏洞
Vulnerability Description
Gallery 1.3.1至1.4.1版本的register_globals 仿真性能存在漏洞。远程攻击者可以借助GALLERY_BASEDIR参数修改和执行PHP remote file inclusion攻击修改HTTP_POST_VARS变量。该漏洞不同于CVE-2002-1412。
CVSS Information
N/A
Vulnerability Type
N/A