Vulnerability Description
imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sergey Kiselev | Sgallery | 1.01 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html
- http://marc.info/?l=bugtraq&m=110557050700947&w=2
- http://securitytracker.com/id?1012868
- http://www.waraxe.us/advisory-39.htmlExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18877
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html
- http://marc.info/?l=bugtraq&m=110557050700947&w=2
- http://securitytracker.com/id?1012868
- http://www.waraxe.us/advisory-39.htmlExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18877
FAQ
What is CVE-2005-0375?
CVE-2005-0375 is a vulnerability with a CVSS score of 5.0 (MEDIUM). imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error messa...
How severe is CVE-2005-0375?
CVE-2005-0375 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0375?
Check the references section above for vendor advisories and patch information. Affected products include: Sergey Kiselev Sgallery.