vendor: i-Gallery
by:
CVSS: 7.5 (HIGH)
Remote Information Disclosure
CWE
Product Name: i-Gallery
Affected Version From: i-Gallery 3.4
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

i-Gallery Remote Information Disclosure Vulnerability

i-Gallery is prone to a remote information-disclosure vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized remote user to view arbitrary local files in the context of the webserver process. Information obtained may aid in further attacks.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26348/info

i-Gallery 3.4 is vulnerable to this issue; other versions may also be vulnerable. 

http://www.example.com/gallery/igallery.asp?d=%5c../../%5c
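The missing check, sketched as an added example (not i-Gallery's code and not from the original advisory): the decoded `d` value is canonicalized under Windows path rules and rejected unless it stays inside the gallery folder. The root path `GALLERY_ROOT`, the function names, and the idea that `d` names a folder under that root are assumptions.

```python
import ntpath
from urllib.parse import urlsplit, parse_qs

# Assumed install location; the page does not give i-Gallery's real layout.
GALLERY_ROOT = r"C:\inetpub\wwwroot\gallery\images"


def resolve_gallery_dir(d_value, root=GALLERY_ROOT):
    """Return the canonical folder for a decoded `d` value, or None if it
    would resolve outside `root` (Windows path rules via ntpath)."""
    # Reject NUL bytes and ':' (drive letters, alternate data streams).
    if "\x00" in d_value or ":" in d_value:
        return None
    # Windows treats '/' and '\' alike, so compare on one separator.
    rel = d_value.replace("/", "\\")
    # Concatenate rather than ntpath.join(): join() lets a leading '\'
    # discard the root and restart from the drive.
    candidate = ntpath.normpath(root + "\\" + rel)
    root_norm = ntpath.normpath(root)
    c, r = candidate.lower(), root_norm.lower()
    # Containment is checked on the canonical form, with a trailing
    # separator so "images_old" does not pass as being under "images".
    if c == r or c.startswith(r + "\\"):
        return candidate
    return None


def check_request(url, root=GALLERY_ROOT):
    """Extract `d` from a request URL (parse_qs percent-decodes it once)
    and apply the containment check."""
    values = parse_qs(urlsplit(url).query).get("d", [""])
    return resolve_gallery_dir(values[0], root)


if __name__ == "__main__":
    # Constructed sample requests; the first is the URL shown on the page.
    for u in (
        "http://www.example.com/gallery/igallery.asp?d=%5c../../%5c",
        "http://www.example.com/gallery/igallery.asp?d=holiday/2007",
    ):
        print(u, "->", check_request(u))
```

The same canonicalize-then-compare logic can be run over web server logs to flag requests to `igallery.asp` whose `d` value resolves outside the gallery folder.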