PT-2008-3271 · Arwscripts · Arwscripts Gallery Script Lite

Jiko

Published

2008-04-11

Updated

2017-10-19

CVE-2008-1730

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ARWScripts Gallery Script Lite versions prior to 20080411

Description A directory traversal issue exists, allowing remote attackers to read arbitrary local files via directory traversal sequences in the path parameter.

Recommendations For versions prior to 20080411, consider restricting access to the download.html file until a fix is available. As a temporary workaround, avoid using the path parameter in the download.html file to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2008-1730

Affected Products

Arwscripts Gallery Script Lite

PT-2008-3271 · Arwscripts · Arwscripts Gallery Script Lite

CVE-2008-1730

Weakness Enumeration

Related Identifiers

Affected Products

References · 6