CVE-2005-4799 in YaPIG

Summary

by MITRE

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886.


Analysis

by VulDB Data Team • 06/25/2025

The vulnerability identified as CVE-2005-4799 represents a critical cross-site scripting weakness in Yet Another PHP Image Gallery (YaPIG) version 0.95b and earlier. This security flaw exposes the system to remote code execution through malicious web script injection, potentially allowing attackers to compromise user sessions and manipulate gallery content. The vulnerability specifically affects two input vectors within the gallery's comment and image display functionality, creating multiple attack surfaces for malicious actors seeking to exploit the system's trust in user-provided data.

The technical root of this vulnerability is inadequate input validation and output sanitization in the YaPIG application's handling of user-submitted data. The Homepage field, also known as the Website field, within image-related comments creates an injection point where attackers can embed malicious JavaScript code or HTML markup that is executed when other users view the gallery. Additionally, the img_size field in the view.php script provides another vector where malicious input is processed without proper sanitization, allowing attackers to inject scripts that execute in the context of the victim's browser. Both vectors demonstrate a fundamental failure of the application's security architecture to validate and escape user input before rendering it in web pages.

The operational impact of this vulnerability extends beyond simple data corruption or display manipulation, as it creates potential for session hijacking, credential theft, and broader system compromise. When users view comments containing malicious scripts, their browsers execute the injected code, which could redirect them to phishing sites, steal cookies, or perform unauthorized actions on their behalf. The vulnerability's persistence in older versions of YaPIG suggests that the security community recognized this as a significant risk that required immediate attention, as the XSS attack vector can be leveraged to create persistent threats that affect multiple users over time.

Security professionals should consider this vulnerability in relation to CWE-79, which specifically addresses cross-site scripting flaws in software applications. The attack patterns associated with this vulnerability align with ATT&CK technique T1566, which covers social engineering through malicious content delivery, and T1059, which involves command and scripting interpreters for execution. Organizations using YaPIG should implement immediate mitigations including input validation, output encoding, and proper sanitization of all user-submitted data. The recommended approach involves implementing strict validation rules for all input fields, particularly those used for displaying user-generated content, along with regular security updates to ensure the gallery software remains current with security patches and best practices. Given the age of the affected version, the most effective long-term solution involves migrating to a supported, secure version of the gallery software or implementing additional security layers such as web application firewalls to protect against exploitation attempts.
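A defender-side illustration of the fix recommended above, added here as an example and not YaPIG's own code: the comment Homepage field rendered unescaped, beside a hardened version that restricts the URL scheme, encodes on output, and treats img_size as a bounded integer rather than a string. Function and parameter names are assumed, not taken from YaPIG.

```php
<?php
// Added example (not YaPIG's own code). Function and parameter names are assumed.
// Two render paths the CVE describes: the comment "Homepage" field (an href and
// text context) and the img_size parameter of view.php (expected to be numeric).

// --- Vulnerable pattern: user input copied straight into HTML ---
function render_comment_homepage_unsafe(string $homepage): string
{
    // Attribute value and link text are both attacker-controlled here.
    return '<a href="' . $homepage . '">' . $homepage . '</a>';
}

// --- Hardened pattern: validate on input, encode on output ---
function safe_homepage_url(string $homepage): ?string
{
    $url = trim($homepage);
    // Reject anything that is not a well-formed absolute URL.
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    // A syntactically valid URL may still carry a dangerous scheme; allowlist.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function html_escape(string $s): string
{
    // ENT_QUOTES escapes both quote styles, so the value is safe inside
    // double- or single-quoted attributes as well as in text nodes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_comment_homepage(string $homepage): string
{
    $url = safe_homepage_url($homepage);
    if ($url === null) {
        return '';   // drop invalid or non-http(s) links entirely
    }
    $e = html_escape($url);
    return '<a href="' . $e . '" rel="nofollow noopener">' . $e . '</a>';
}

function image_tag(string $file, string $img_size): string
{
    // img_size is a number: cast and clamp it instead of echoing the raw string.
    $w = max(16, min(2048, (int) $img_size));
    return '<img src="' . html_escape($file) . '" width="' . $w . '">';
}
```

The same two rules (reject what does not match the expected type, escape for the exact output context) apply to every other field the gallery echoes, not only the two named in the advisory.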

Reservation: 05/15/2006

Disclosure: 12/31/2005

Moderation: accepted

Entry: VDB-28105

CPE: ready

EPSS: 0.06797

KEV: no

Activities: very low
