CVE-2005-4800

Name of the Vulnerable Software and Affected Versions Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier

Description A direct static code injection issue allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod info action to modify gallery.php, which inserts the code into guid info.php. This issue is easier to exploit due to a separate CSRF vulnerability.

Recommendations For Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier, avoid using the TestGallery parameter in the mod info action to modify gallery.php until a fix is available. As a temporary workaround, consider restricting access to the modify gallery.php and guid info.php files to minimize the risk of exploitation.