CVE-2006-1128

Name of the Vulnerable Software and Affected Versions Gallery 2 versions up to 2.0.2

Description A directory traversal issue exists in the session handling class, specifically in GallerySession.class, allowing remote attackers to access and delete files. This is achieved by specifying a session in a cookie, which is then used to construct file paths before the session value is properly sanitized.

Recommendations For Gallery 2 versions up to 2.0.2, update to a version later than 2.0.2 to resolve the issue.