CVE-2003-1489

Published Dec 31, 2003

Last updated a month ago

Overview

Description: upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:truegalerie:truegalerie:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F49F02-3297-4E6D-80C3-4798AE5E3448"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.