PT-2007-3961 · R2K · R2K Gallery

Dj7Xpl

Published

2007-05-13

Updated

2017-10-11

CVE-2007-2642

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions R2K Gallery version 1.7

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved by using a .. (dot dot) in the lang2 parameter of the galeria.php file.

Recommendations For R2K Gallery version 1.7, consider restricting access to the galeria.php file until a patch is available, or avoid using the lang2 parameter with untrusted input to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-2642

Affected Products

R2K Gallery

PT-2007-3961 · R2K · R2K Gallery

CVE-2007-2642

Related Identifiers

Affected Products

References · 8