Phase:PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.
ReferencesBUGTRAQ:Wednesday, January 12, 2005 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110557050700947&w=2 | FULLDISC:Wednesday, January 12, 2005 [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module
Votes:Assigned (Sunday, February 13, 2005)
Comments:None (candidate not yet proposed)
F7: