Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-1219
Last Modified: 07 Mar 2011 09:32:27
Published: 13 Mar 2006 09:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-1219

Summary

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

Vulnerable Systems

Application

  • Gallery Project Gallery 2.0

  • Gallery Project Gallery 2.0 Alpha

  • Gallery Project Gallery 2.0 Alpha1

  • Gallery Project Gallery 2.0 Alpha2

  • Gallery Project Gallery 2.0 Alpha3

  • Gallery Project Gallery 2.0 Alpha4

  • Gallery Project Gallery 2.0 Beta1

  • Gallery Project Gallery 2.0 Beta2

  • Gallery Project Gallery 2.0 Beta3

  • Gallery Project Gallery 2.0.1

  • Gallery Project Gallery 2.0.2

  • Gallery Project Gallery 2.0.3

  • Gallery Project Gallery 2.1 Rc1

  • Gallery Project Gallery 2.1 Rc2


References

SECUNIA - 19175

XF - gallery-multiple-index-file-include(25129)

VUPEN - ADV-2006-0895

MILW0RM - 1566

CONFIRM - http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update

BID - 17051


Last Updated: 27 May 2016 10:41:58