PT-2002-2843 · Gallery · Gallery
Published: 2002-12-31 · Updated: 2017-07-11
CVE-2002-2123
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Gallery version 1.3.2
Description:
The issue allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter. This is related to a remote file inclusion vulnerability in the publish_xp_docs.php file.
Recommendations:
For Gallery version 1.3.2, avoid using the GALLERY_BASEDIR parameter with external URLs until a patch is available. As a temporary workaround, consider restricting access to the publish_xp_docs.php file to minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Gallery