Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4092
Last Modified 11 Oct 2008 01:40:22
Published 30 Jul 2007 04:17:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4092

Summary

Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter.

Vulnerable Systems

Application

  • iFoto 1.0.1


References

BID - 25065

BUGTRAQ - 20081007 Re: iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability

BUGTRAQ - 20081004 iFoto, CSS-based GD2 photo gallery <= 1.0: Remote File Disclosure Vulnerability

SECUNIA - 26186

MISC - http://lostmon.blogspot.com/2007/07/ifoto-traversal-folder-enumeration.html


Last Updated: 27 May 2016 10:45:46