PHP remote file inclusion vulnerability in resources/includes/class.Smarty.php in Pixaria Gallery before 1.4.3 allows remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixaria | pixaria_gallery | 1.2.1 |
| pixaria | pixaria_gallery | 1.0.2 |
| pixaria | pixaria_gallery | 1.1.6 |
| pixaria | pixaria_gallery | 1.1.4 |
| pixaria | pixaria_gallery | 1.0.1 |
| pixaria | pixaria_gallery | 1.3.2 |
| pixaria | pixaria_gallery | 1.1.2 |
| pixaria | pixaria_gallery | 1.3.3 |
| pixaria | pixaria_gallery | 1.3 |
| pixaria | pixaria_gallery | 1.4.1 |
| pixaria | pixaria_gallery | 1.3.1 |
| pixaria | pixaria_gallery | 1.0.3 |
| pixaria | pixaria_gallery | 1.1.5 |
| pixaria | pixaria_gallery | 1.2 |
| pixaria | pixaria_gallery | 1.1.3 |
| pixaria | pixaria_gallery | 1.1.1 |
| pixaria | pixaria_gallery | 1.4.2 |
| pixaria | pixaria_gallery | 1.0.5 |
| pixaria | pixaria_gallery | 1.4 |
| pixaria | pixaria_gallery | 1.0.4 |
| pixaria | pixaria_gallery | 1.1 |
Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery before 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the cfg[sys][base_path] parameter to psg.smarty.lib.php and certain include and library scripts, a different vector than CVE-2007-2457.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-94,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixaria | pixaria_gallery | 1.2.1 |
| pixaria | pixaria_gallery | 1.0.2 |
| pixaria | pixaria_gallery | 1.1.6 |
| pixaria | pixaria_gallery | 1.1.4 |
| pixaria | pixaria_gallery | 1.0.1 |
| pixaria | pixaria_gallery | 1.3.2 |
| pixaria | pixaria_gallery | 1.1.2 |
| pixaria | pixaria_gallery | 1.3.3 |
| pixaria | pixaria_gallery | 1.3 |
| pixaria | pixaria_gallery | 1.4.1 |
| pixaria | pixaria_gallery | 1.3.1 |
| pixaria | pixaria_gallery | 1.0.3 |
| pixaria | pixaria_gallery | 1.1.5 |
| pixaria | pixaria_gallery | 1.2 |
| pixaria | pixaria_gallery | 1.1.3 |
| pixaria | pixaria_gallery | 1.1.1 |
| pixaria | pixaria_gallery | 1.4.2 |
| pixaria | pixaria_gallery | 1.0.5 |
| pixaria | pixaria_gallery | 1.4 |
| pixaria | pixaria_gallery | 1.0.4 |
| pixaria | pixaria_gallery | 1.1 |
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| pixaria | pixaria_gallery | 2.0.0 |
| pixaria | pixaria_gallery | 2.3.5 |