5

CVE-2006-1219

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gallery ProjectGallery Version2.0
Gallery ProjectGallery Version2.0.1
Gallery ProjectGallery Version2.0.2
Gallery ProjectGallery Version2.0.3
Gallery ProjectGallery Version2.0_alpha
Gallery ProjectGallery Version2.0_alpha1
Gallery ProjectGallery Version2.0_alpha2
Gallery ProjectGallery Version2.0_alpha3
Gallery ProjectGallery Version2.0_alpha4
Gallery ProjectGallery Version2.0_beta1
Gallery ProjectGallery Version2.0_beta2
Gallery ProjectGallery Version2.0_beta3
Gallery ProjectGallery Version2.1_rc1
Gallery ProjectGallery Version2.1_rc2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.75% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
http://secunia.com/advisories/19175
Patch
Vendor Advisory
http://www.securityfocus.com/bid/17051
http://www.vupen.com/english/advisories/2006/0895
https://exchange.xforce.ibmcloud.com/vulnerabilities/25129
https://www.exploit-db.com/exploits/1566