CVE-2006-2014

Properties

Published:
24.04.2006
Updated:
26.04.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
    Product:
    Web-provence: SL_site

    Vulnerability description

    Directory traversal vulnerability in gallerie.php in SL_site 1.0 allows remote attackers to list images in arbitrary directories via".."sequences in the rep parameter, which is used to construct a directory name in admin/config.inc.php.  NOTE: this issue could be used to produce resultant XSS from an error message.

    References:

    SECTRACK: http://securitytracker.com/id?1015972
    SECUNIA: http://secunia.com/advisories/19792