CVE-2006-0899 - Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers

CVE-2006-0899

Summary

Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.

References

http://retrogod.altervista.org/4images_171_adv.html
http://secunia.com/advisories/19026
http://securityreason.com/securityalert/518
http://www.osvdb.org/23529
http://www.securityfocus.com/archive/1/426468/100/0/threaded
http://www.securityfocus.com/bid/16855
http://www.vupen.com/english/advisories/2006/0754
https://exchange.xforce.ibmcloud.com/vulnerabilities/24938
https://www.exploit-db.com/exploits/1533

Vulnerable Configurations

cpe:2.3:a:4images:image_gallery_management_system:*:*:*:*:*:*:*:*
cpe:2.3:a:4images:image_gallery_management_system:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16855
bugtraq	20060301 4images <=1.7.1 remote code execution
exploit-db	1533
misc	http://retrogod.altervista.org/4images_171_adv.html
osvdb	23529
secunia	19026
sreason	518
vupen	ADV-2006-0754
xf	4images-template-file-include(24938)

Last major update

18-10-2018 - 16:29

Published

27-02-2006 - 19:06

Last modified

18-10-2018 - 16:29