Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.
References
Configurations
History
No history.
Information
Published : 2010-12-06 13:37
Updated : 2025-04-11 00:51
NVD link : CVE-2010-4406
Mitre link : CVE-2010-4406
CVE.ORG link : CVE-2010-4406
JSON object : View
Products Affected
brunetton
- littlephpgallery
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')