Vulnerability Details CVE-2006-0899
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.164
EPSS Ranking 94.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://retrogod.altervista.org/4images_171_adv.html
- http://secunia.com/advisories/19026
- http://securityreason.com/securityalert/518
- http://www.osvdb.org/23529
- http://www.securityfocus.com/archive/1/426468/100/0/threaded
- http://www.securityfocus.com/bid/16855
- http://www.vupen.com/english/advisories/2006/0754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24938
- https://www.exploit-db.com/exploits/1533
- http://retrogod.altervista.org/4images_171_adv.html
- http://secunia.com/advisories/19026
- http://securityreason.com/securityalert/518
- http://www.osvdb.org/23529
- http://www.securityfocus.com/archive/1/426468/100/0/threaded
- http://www.securityfocus.com/bid/16855
- http://www.vupen.com/english/advisories/2006/0754
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24938
- https://www.exploit-db.com/exploits/1533
Products affected by CVE-2006-0899
-
cpe:2.3:a:4images:image_gallery_management_system:*