Vulnerabilities > CVE-2006-5554 - Remote File Include vulnerability in ImageView
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Imageview <= 5 (Cookie/index.php) Remote Local Include Exploit. CVE-2006-5554. Webapps exploit for php platform |
| file | exploits/php/webapps/2647.php |
| id | EDB-ID:2647 |
| last seen | 2016-01-31 |
| modified | 2006-10-25 |
| platform | php |
| port | |
| published | 2006-10-25 |
| reporter | Kacper |
| source | https://www.exploit-db.com/download/2647/ |
| title | Imageview <= 5 Cookie/index.php Remote Local Include Exploit |
| type | webapps |