PT-2009-6133 · Tftgallery · Tftgallery
Publicado
2009-11-09
·
Atualizado
2009-11-09
·
CVE-2009-3912
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TFTgallery version 0.13
Description
A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by providing a ..%2F (encoded dot dot slash) in the
album parameter of the index.php file.Recommendations
For TFTgallery version 0.13, consider restricting access to the
album parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the album parameter with untrusted input.Exploit
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tftgallery