Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0899

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0899
Last Modified 07 Mar 2011 09:31:03
Published 27 Feb 2006 02:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0899

Summary

Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.

Vulnerable Systems

Application

  • 4images Image Gallery Management System 1.7.1


References

XF - 4images-template-file-include(24938)

VUPEN - ADV-2006-0754

BID - 16855

BUGTRAQ - 20060301 4images <=1.7.1 remote code execution

OSVDB - 23529

SECUNIA - 19026

MISC - http://retrogod.altervista.org/4images_171_adv.html

MILW0RM - 1533

SREASON - 518


Last Updated: 27 May 2016 10:41:50