Required CVE Record Information
Description
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
References 4 Total
- exploit-db.com: 2647 exploit
- vupen.com: ADV-2006-4188 vdb-entry
- securityfocus.com: 20731 vdb-entry
- secunia.com: 22552 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 4 Total
- exploit-db.com: 2647 exploitx_transferred
- vupen.com: ADV-2006-4188 vdb-entryx_transferred
- securityfocus.com: 20731 vdb-entryx_transferred
- secunia.com: 22552 third-party-advisoryx_transferred