PT-2006-6815 · Wabbit · Wabbit Php Gallery

Steven M. Christey

Publicado

2006-12-01

Atualizado

2018-10-17

CVE-2006-6185

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wabbit PHP Gallery version 0.9

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the dir parameter to the "index.php" endpoint.

Recommendations For Wabbit PHP Gallery version 0.9, consider restricting access to the dir parameter in the "index.php" endpoint to prevent directory traversal attacks. As a temporary workaround, restrict access to sensitive files and directories until a patch is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-6185

Produtos afetados

Wabbit Php Gallery

PT-2006-6815 · Wabbit · Wabbit Php Gallery

CVE-2006-6185

Identificadores relacionados

Produtos afetados

Referências · 9