Vulnerabilities > CVE-2004-1408 - Remote vulnerability in Singapore Image Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | SINGAPORE_FLAWS.NASL |
| description | Singapore is a PHP based photo gallery web application. The remote version of this software is affected by multiple vulnerabilities that may allow an attacker to read arbitrary files on the remote host or to execute arbitrary PHP commands. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15987 |
| published | 2004-12-16 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15987 |
| title | Singapore Gallery < 0.9.11 Multiple Vulnerabilities |