PT-2003-2172 · Gallery · Gallery
Published 2003-12-31 · Updated 2017-07-11 · CVE-2003-1227
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Gallery versions 1.4 through 1.4-pl1
Description
A remote file include issue exists in index.php, allowing remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. This issue might be exploitable only during installation or if the administrator has not run a security script after installation.
Recommendations
For Gallery versions 1.4 through 1.4-pl1, consider running the security script provided after installation to mitigate the risk of exploitation. As a temporary workaround, restrict access to the GALLERY_BASEDIR parameter to minimize the risk of arbitrary PHP code injection.
Exploit
Fix
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Gallery
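
A log check that supports the recommendation above, added here as an example and not part of the advisory or of Gallery's own code: it flags access-log requests that supply GALLERY_BASEDIR in the query string and marks those whose value is a URL. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
PARAM = "GALLERY_BASEDIR"
# scheme://... or protocol-relative //host, i.e. a value that points off-host
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.-]*:)?//', re.I)

def classify(line):
    """Return None, 'param-supplied' or 'remote-url' for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    verdict = None
    for key, value in parse_qsl(query, keep_blank_values=True):
        # PHP maps '.' and ' ' in parameter names to '_' and accepts
        # array syntax (NAME[]=...), so normalise the key before comparing.
        name = key.split("[", 1)[0].replace(".", "_").replace(" ", "_")
        if name != PARAM:
            continue
        if REMOTE_RE.match(value):
            return "remote-url"
        # Assumption: a legitimate client never needs to send this parameter.
        verdict = "param-supplied"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every line that supplies the parameter."""
    hits = []
    for number, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [01/Jan/2004:10:00:00 +0000] "GET /gallery/index.php HTTP/1.0" 200 5120',
    '192.0.2.11 - - [01/Jan/2004:10:00:05 +0000] "GET /gallery/index.php?GALLERY_BASEDIR=http%3A%2F%2Fhost.example%2F HTTP/1.0" 200 312',
    '192.0.2.12 - - [01/Jan/2004:10:00:09 +0000] "GET /gallery/index.php?GALLERY.BASEDIR=ftp://host.example/x HTTP/1.0" 200 312',
    '192.0.2.13 - - [01/Jan/2004:10:00:12 +0000] "GET /gallery/index.php?GALLERY_BASEDIR=/var/www/gallery/ HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value sent in a POST body or cookie is not visible to this check.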