PT-2006-6815 · Wabbit · Wabbit Php Gallery

Steven M. Christey

Published

2006-12-01

Updated

2018-10-17

CVE-2006-6185

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Wabbit PHP Gallery version 0.9

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by including a .. (dot dot) in the dir parameter to the "index.php" endpoint.

Recommendations For Wabbit PHP Gallery version 0.9, consider restricting access to the dir parameter in the "index.php" endpoint to prevent directory traversal attacks. As a temporary workaround, restrict access to sensitive files and directories until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6185

Affected Products

Wabbit Php Gallery

PT-2006-6815 · Wabbit · Wabbit Php Gallery

CVE-2006-6185

Related Identifiers

Affected Products

References · 9