CVE-2004-2124 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	6.79%	–	–
2022-04-03	–	–	6.79%	–	–
2022-05-22	–	–	6.79%	–	–
2023-03-12	–	–	–	7.78%	–
2023-11-12	–	–	–	7.78%	–
2024-06-02	–	–	–	7.26%	–
2024-12-08	–	–	–	6.77%	–
2025-01-19	–	–	–	6.77%	–
2025-03-18	–	–	–	–	6.91%
2025-03-30	–	–	–	–	6.36%
2025-03-30	–	–	–	–	6.36,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	8%
2022-04-03	91%
2022-05-22	92%
2023-03-12	93%
2023-11-12	94%
2024-06-02	94%
2024-12-08	94%
2025-01-19	94%
2025-03-18	91%
2025-03-30	9%
2025-03-30	9%

source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of register_globals when the register_globals settings is disabled. It has been reported that register_globals functionality is simulated by extracting the values of the various $HTTP_ global variables into the global namespace. Due to improper sanitization of user-supplied data, an attacker may be able to overwrite the value of 'HTTP_POST_VARS' via the register_global simulation. Arbitrary PHP files may be included via the 'GALLERY_BASEDIR' parameter. The vendor has reported that this issue exists in Gallery versions 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1. http://www.example.com/gallery/init.php?HTTP_POST_VARS=xxx