YaPiG Directory Traversal Vulnerability

vendor:

YaPiG

by:

SecurityFocus

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: YaPiG

Affected Version From: 0.92b

Affected Version To: 0.94u

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

YaPiG Directory Traversal Vulnerability

An authorized user can add and delete arbitrary directories outside of the gallery directory by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of integrity and possibly loss of availability.

Mitigation:

Input validation should be used to prevent directory traversal attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13877/info

YaPiG is prone to a directory traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An authorized user can add and delete arbitrary directories outside of the gallery directory by supplying directory traversal strings '../' to the vulnerable parameter. Exploitation of this vulnerability could lead to a loss of integrity and possibly loss of availability.

This issue is reported to affect YaPiG versions 0.92b, 0.93u and 0.94u; earlier versions may also be affected. 

Arbitrary Directory Removal:
http://www.example.com/upload.php?step=rmdir&dir=../folder

Arbitrary Directory Creation:
http://www.example.com/upload.php?step=mkdir&dir=../folder