CVE-2007-5776

Name of the Vulnerable Software and Affected Versions i-Gallery version 3.4

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using encoded backslash sequences in the d parameter. For example, a "%5c../../%5c" sequence can be used to traverse directories.

Recommendations For version 3.4, consider restricting access to the igallery.asp file until a patch is available. As a temporary workaround, avoid using the d parameter in the igallery.asp file to minimize the risk of exploitation.