PT-2010-3736 · Snipe · Snipe Gallery

Eidelweiss

Published

2010-06-01

Updated

2017-08-17

CVE-2010-2126

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Snipe Gallery version 3.1.5

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the cfg admin path parameter to various PHP files, including "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php".

Recommendations For Snipe Gallery version 3.1.5, consider restricting access to the cfg admin path parameter in the affected PHP files until a patch is available. As a temporary workaround, avoid using the cfg admin path parameter in the specified API endpoints, such as "index.php", "view.php", "image.php", "search.php", "admin/index.php", "admin/gallery/index.php", "admin/gallery/view.php", "admin/gallery/gallery.php", "admin/gallery/image.php", and "admin/gallery/crop.php", to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2010-2126

Affected Products

Snipe Gallery

PT-2010-3736 · Snipe · Snipe Gallery

CVE-2010-2126

Weakness Enumeration

Related Identifiers

Affected Products

References · 7