Vulnerabilities > CVE-2005-4799 - Cross-Site Scripting vulnerability in Yapig

047910
CVSS 5.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
high complexity
yapig
nessus
exploit available
NVD
Published: 2005-12-31
Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part Description Count
Application
Yapig
5

Exploit-Db

descriptionYaPig 0.95 b view.php img_size Parameter XSS. CVE-2005-4799 . Webapps exploit for php platform
idEDB-ID:26345
last seen2016-02-03
modified2005-10-13
published2005-10-13
reporter[email protected]
sourcehttps://www.exploit-db.com/download/26345/
titleYaPig 0.95 b view.php img_size Parameter XSS

Nessus

NASL familyCGI abuses
NASL idYAPIG_EXIF_XSS.NASL
descriptionThe remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks.
last seen2020-06-01
modified2020-06-02
plugin id19515
published2005-08-27
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19515
titleYaPiG <= 0.9.5b Multiple Vulnerabilities

References