Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Yet Another PHP Image Gallery直接静态代码注入漏洞
Vulnerability Description
Yet Another PHP Image Gallery (YaPIG) 0.95b及更早版本存在直接静态代码注入漏洞,远程认证管理员可以通过传递给modify_gallery.php的mod_info操作中的TestGallery参数,将代码注入到guid_info.php中,来注入任意PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A