CVE-2010-2126

Name of the Vulnerable Software and Affected Versions Snipe Gallery version 3.1.5

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cfg admin path parameter to various PHP files, including "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php".

Recommendations For Snipe Gallery version 3.1.5, consider restricting access to the cfg admin path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the cfg admin path parameter in the specified API endpoints, such as "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php", to minimize the risk of exploitation.