CVE-2005-4801
CVE-2005-4801 is a vulnerability of currently unknown severity. Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php. EPSS estimates a 1.70% chance of exploitation in the next 30 days.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Yapig | Yapig | <= 0.95b |
| Yapig | Yapig | 0.92b |
| Yapig | Yapig | 0.93u |
| Yapig | Yapig | 0.94u |
| Yapig | Yapig | 0.95 |
References
- http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html (Exploit, Vendor Advisory)
- http://secunia.com/advisories/17041 (Exploit, Vendor Advisory)
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt (Exploit, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Source: NVD / NIST
