CVE-2007-6323

Name of the Vulnerable Software and Affected Versions MMS Gallery PHP version 1.0

Description The issue allows remote attackers to read arbitrary files due to multiple directory traversal vulnerabilities. This can be achieved by including a .. (dot dot) in the id parameter to specific API endpoints, such as "get image.php" or "get file.php" in the "mms template/" directory.

Recommendations For MMS Gallery PHP version 1.0, restrict access to the "get image.php" and "get file.php" files in the "mms template/" directory to minimize the risk of exploitation. Avoid using the id parameter in these affected API endpoints until the issue is resolved.