Vulnerabilities > CVE-2006-3194 - Directory Traversal and Cross-Site Scripting vulnerability in Singapore Gallery

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

singapore

exploit available

NVD

Published: 2006-06-23

Updated: 2018-10-18

Summary

Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter.

Vulnerable Configurations

Part	Description	Count
Application	Singapore Singapore Singapore 0.9.1_Beta Singapore Singapore 0.9.2_Beta Singapore Singapore 0.9.3_Beta Singapore Singapore 0.9.4_Beta Singapore Singapore 0.9.5_Beta Singapore Singapore 0.9.6_Beta Singapore Singapore 0.9.7 Singapore Singapore 0.9.7_Beta Singapore Singapore 0.9.8_Beta Singapore Singapore 0.9.9A_Beta Singapore Singapore 0.9.9B_Beta Singapore Singapore 0.9.10 Singapore Singapore 0.9.10_Beta Singapore Singapore 0.9.11_Beta Singapore Singapore 0.9_Beta Singapore Singapore 0.9A_Beta Singapore Singapore 0.10.0	17

Exploit-Db

description	singapore 0.9.x/0.10 Multiple Parameter Traversal Arbitrary File Access. CVE-2006-3194. Webapps exploit for php platform
id	EDB-ID:28066
last seen	2016-02-03
modified	2006-06-19
published	2006-06-19
reporter	simo64
source	https://www.exploit-db.com/download/28066/
title	singapore 0.9.x/0.10 - Multiple Parameter Traversal Arbitrary File Access

Summary

Vulnerable Configurations

Exploit-Db

References