PT-2006-3185 · 321Soft · Php-Gallery

Published

2006-05-05

Updated

2018-10-18

CVE-2006-2211

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions 321soft PhP-Gallery version 0.9

Description The issue allows remote attackers to browse arbitrary directories due to an absolute path traversal vulnerability in the index.php file. This is achieved by manipulating the path parameter.

Recommendations For 321soft PhP-Gallery version 0.9, consider restricting access to the path parameter in the index.php file to prevent arbitrary directory browsing until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2211

Affected Products

Php-Gallery

PT-2006-3185 · 321Soft · Php-Gallery

CVE-2006-2211

Related Identifiers

Affected Products

References · 8