CVE-2006-1995

Name of the Vulnerable Software and Affected Versions Scry Gallery version 1.1

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the index.php file. This is caused by ".." sequences in the p parameter, which is not properly sanitized. The vulnerability arises from an rtrim function call with the arguments in the wrong order.

Recommendations For Scry Gallery version 1.1, consider sanitizing the p parameter to prevent directory traversal attacks. As a temporary workaround, restrict access to the index.php file until a proper fix is applied.