CVE-2006-7103

by Fred · 03/03/2007

Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.

Date published : 2007-03-03

http://www.securityfocus.com/bid/20763

http://www.securityfocus.com/archive/1/449889/100/0/threaded

CVE-2006-7103

Similar

Recent Posts

Categories

CVE-2006-7103

Share this:

Similar

Recent Posts

Categories

Tags