Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

YaPiG Remote Server-Side Script Execution Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for YaPiG version

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is prone to
arbitrary PHP code injection vulnerabilities.

Description :

The remote host is running YaPiG, a web-based image gallery written in

The remote version of YaPiG may allow a remote attacker to execute
malicious scripts on a vulnerable system. This issue exists due to a
lack of sanitization of user-supplied data. It is reported that an
attacker may be able to upload content that will be saved on the
server with a '.php' extension. When this file is requested by the
attacker, the contents of the file will be parsed and executed by the
PHP engine, rather than being sent. Successful exploitation of this
issue may allow a possible hacker to execute malicious script code on a
vulnerable server.

See also :

Solution :

Upgrade to YaPiG 0.92.2 or later.

Threat Level:

High / CVSS Base Score : 7

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.