PT-2004-2322 · Unknown · Singapore Image Gallery Web Application

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1407

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: singapore Image Gallery Web Application version 0.9.10
Description: Directory traversal vulnerabilities allow remote attackers to read or delete arbitrary files. Files can be read by exploiting the showThumb method in thumb.php, and files can be deleted by exploiting admin.class.php.
Recommendations: For version 0.9.10, consider restricting access to the thumb.php and admin.class.php files until a patch is available. As a temporary workaround, avoid using the showThumb method in thumb.php and restrict the functionality of admin.class.php to minimize the risk of exploitation.


Related Identifiers

CVE-2004-1407

Affected Products

Singapore Image Gallery Web Application