CVE-2015-4415

Name of the Vulnerable Software and Affected Versions Anima Gallery version 2.6

Description The issue concerns directory traversal vulnerabilities in the func.php file of Anima Gallery. Remote attackers can exploit this by including and executing arbitrary local files. This can be achieved by using a .. (dot dot) in the theme or lang cookie parameter to the "AnimaGallery/" endpoint.

Recommendations For Anima Gallery version 2.6, consider restricting access to the func.php file until a patch is available. As a temporary workaround, avoid using the theme and lang cookie parameters in the AnimaGallery/ endpoint to minimize the risk of exploitation.