PT-2005-3494 · Mig · Image Gallery

Published

2005-08-17

Updated

2011-03-08

CVE-2005-2604

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions My Image Gallery (Mig) version 1.4.1

Description The issue allows remote attackers to obtain the web server path via certain currDir and image arguments in the index.php file, which leaks the path in an error message.

Recommendations For My Image Gallery (Mig) version 1.4.1, consider modifying the index.php file to handle errors without disclosing the web server path, or restrict access to the index.php file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-2604

Affected Products

Image Gallery

PT-2005-3494 · Mig · Image Gallery

CVE-2005-2604

Related Identifiers

Affected Products

References · 7