Vulnerabilities > CVE-2005-1885 - Information Disclosure vulnerability in Yapig 0.92B/0.93U/0.94U

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
yapig
nessus

Summary

view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.

Vulnerable Configurations

Part Description Count
Application
Yapig
3

Nessus

NASL familyCGI abuses
NASL idYAPIG_MULTIPLE_FLAWS.NASL
descriptionThe remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through
last seen2020-06-01
modified2020-06-02
plugin id18523
published2005-06-17
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18523
titleYaPiG < 0.95b Multiple Vulnerabilities