Vulnerabilities > CVE-2005-1885 - Information Disclosure vulnerability in Yapig 0.92B/0.93U/0.94U
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Nessus
NASL family | CGI abuses |
NASL id | YAPIG_MULTIPLE_FLAWS.NASL |
description | The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18523 |
published | 2005-06-17 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18523 |
title | YaPiG < 0.95b Multiple Vulnerabilities |