1. CVE-Search
  2. CVE-2006-7103
ID CVE-2006-7103
Summary Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
References
Vulnerable Configurations
  • cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.3:beta:*:*:*:*:*:*
    cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.1:beta:*:*:*:*:*:*
    cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.2:beta:*:*:*:*:*:*
    cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:ezonlinegallery:ezonlinegallery:0.9:beta:*:*:*:*:*:*
    cpe:2.3:a:ezonlinegallery:ezonlinegallery:0.9:beta:*:*:*:*:*:*
  • cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.0:beta:*:*:*:*:*:*
    cpe:2.3:a:ezonlinegallery:ezonlinegallery:1.0:beta:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 20763
bugtraq 20061027 MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues
confirm http://www.ezonlinegallery.com/changelog.txt
fulldisc 20061027 MHL-2006-003 Public Advisory: "ezOnlineGallery" Multiple Security Issues
misc http://www.mayhemiclabs.com/advisories/MHL-2006-003.txt
sreason 2362
xf
  • ezonlinegallery-ezgallery-path-disclosure(29835)
  • ezonlinegallery-image-directory-traversal(29836)
Last major update 14-02-2024 - 01:17
Published 03-03-2007 - 21:19
Last modified 14-02-2024 - 01:17
Back to Top