CVE-2002-1412

Name of the Vulnerable Software and Affected Versions Gallery photo album package versions prior to 1.3.1

Description The issue allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY BASEDIR variable that points to a directory or URL containing a Trojan horse init.php script.

Recommendations For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the GALLERY BASEDIR variable to prevent modification.