CVE-2006-1995

Properties

Published:
24.04.2006
Updated:
26.04.2006
Patch available:
Severity:
Low
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Product:
Scry Gallery: Scry Gallery

    Vulnerability description

    Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

    References:

    BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/431716/100/0/threaded
    http://downloads.securityfocus.com/vulnerabilities/exploits/17649-directory-traversal.exploit
    BID: http://www.securityfocus.com/bid/17649