CVE-2009-1510

Name of the Vulnerable Software and Affected Versions: KoschtIT Image Gallery version 1.82

Description: The issue concerns multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to include and execute arbitrary local files. The attack can be performed by using directory traversal sequences in the file parameter to specific API endpoints, such as "/ki base/ki makepic.php" and "/ki base/ki nojsdisplayimage.php".

Recommendations: For KoschtIT Image Gallery version 1.82, consider restricting access to the ki makepic.php and ki nojsdisplayimage.php files in the ki base/ directory until a patch is available. Avoid using the file parameter in these API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.