Summary
The remote web server contains a PHP application that is affected by multiple flaws.
Description :
The remote host is running YaPiG, a web-based image gallery written in PHP.
The installed version of YaPiG is vulnerable to multiple flaws:
- Remote and local file inclusion.
- Cross-site scripting and HTML injection flaws through 'view.php'.
- Directory traversal flaw through 'upload.php'.
Solution
Update to YaPiG 0.95b or later.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-1881, CVE-2005-1882, CVE-2005-1883, CVE-2005-1884, CVE-2005-1885, CVE-2005-1886 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities