CVE-2006-2295 - Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary

CVE-2006-2295

Summary

Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php.

References

http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html
http://secunia.com/advisories/19995
http://www.securityfocus.com/bid/17896
http://www.vupen.com/english/advisories/2006/1699
https://exchange.xforce.ibmcloud.com/vulnerabilities/26322

Vulnerable Configurations

cpe:2.3:a:timobraun:dynamic_galerie:1.0:*:*:*:*:*:*:*
cpe:2.3:a:timobraun:dynamic_galerie:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17896
misc	http://d4igoro.blogspot.com/2006/05/dynamic-galerie-10-path-traversal-xss.html
secunia	19995
vupen	ADV-2006-1699
xf	dynamicgalerie-multiple-path-disclosure(26322)

Last major update

20-07-2017 - 01:31

Published

10-05-2006 - 02:14

Last modified

20-07-2017 - 01:31