Unrated severityNVD Advisory· Published Dec 31, 2005· Updated Apr 16, 2026

CVE-2005-4800

Description

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability.

Affected products

Yapig/Yapig5 versions
cpe:2.3:a:yapig:yapig:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:yapig:yapig:*:*:*:*:*:*:*:*range: <=0.95b
- cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*
- cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*
- cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*
- cpe:2.3:a:yapig:yapig:0.95:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/bugtraq/2005-10/0161.htmlnvdExploitVendor Advisory
secunia.com/advisories/17041nvdExploitVendor Advisory
www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txtnvdExploitVendor Advisory
www.osvdb.org/19960nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22753nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000