CVE-2001-1234
First published: Tue Oct 02 2001(Updated: )
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GalleryCMS | =1.1 | |
| GalleryCMS | =1.2 | |
| GalleryCMS | =1.2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-1234?
CVE-2001-1234 is considered a high severity vulnerability due to its potential for remote code execution.
How do I fix CVE-2001-1234?
To fix CVE-2001-1234, you should upgrade to Gallery version 1.2.1 or later, which patches this vulnerability.
What type of attack does CVE-2001-1234 allow?
CVE-2001-1234 allows remote attackers to execute arbitrary code by using a crafted HTTP request.
What software is affected by CVE-2001-1234?
CVE-2001-1234 affects Gallery versions 1.1, 1.2, and earlier than 1.2.1.
Is CVE-2001-1234 still relevant today?
While CVE-2001-1234 is an older vulnerability, it is important to patch affected versions to prevent exploitation in legacy systems.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/remedy
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/gallery project
- canonical/gallerycms
- version/gallerycms/1.1
- version/gallerycms/1.2
- version/gallerycms/1.2.1