Vulnerabilities > CVE-2006-1995 - Directory Traversal vulnerability in Scry Gallery Scry Gallery 1.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

scry-gallery

exploit available

NVD

Published: 2006-04-25

Updated: 2018-10-18

Summary

Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.

Vulnerable Configurations

Part	Description	Count
Application	Scry_Gallery Scry Gallery Scry Gallery 1.1	1

Exploit-Db

description	Scry Gallery Directory Traversal Vulnerability. CVE-2006-1995. Webapps exploit for php platform
id	EDB-ID:27724
last seen	2016-02-03
modified	2006-04-21
published	2006-04-21
reporter	Morocco Security Team
source	https://www.exploit-db.com/download/27724/
title	Scry Gallery Directory Traversal Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References