CVE-2010-4406

Name of the Vulnerable Software and Affected Versions Brunetton LittlePhpGallery version 1.0.2

Description The issue allows remote attackers to list, include, and execute arbitrary local files. This is achieved by exploiting a directory traversal vulnerability in the gallery.php file when the magic quotes gpc setting is disabled. The vulnerability can be triggered by including a ..// (dot dot slash slash) sequence in the repertoire parameter.

Recommendations For Brunetton LittlePhpGallery version 1.0.2, consider disabling the gallery.php file or restricting access to it until a patch is available. As a temporary workaround, enable the magic quotes gpc setting to prevent the exploitation of this issue. Avoid using the repertoire parameter in the vulnerable gallery.php file until the issue is resolved.