CVE-2007-6648 - Path Traversal vulnerability in Sanybee Gallery Sanybee Gallery 0.1.1

Publication

2008-01-04

Last modification

2017-09-29

Summary

Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter.

Description

SanyBee Gallery is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to execute arbitrary local scripts and retrieve potentially sensitive information. SanyBee Gallery 0.1.1 is affected by this issue; other versions may be vulnerable as well.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: info@vumetric.com.
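In the absence of a vendor patch, one way to constrain an include driven by the p parameter is sketched below as an added example; it is not SanyBee Gallery's code. The function name resolve_page, the page directory and the ".php" suffix are assumptions. The allowlist rejects the traversal sequences and the NUL byte (the %00 in the proof-of-concept) before any path is built.

```php
<?php
// Added example (hypothetical): hardened resolver for an include driven by ?p=.
// The directory layout and the ".php" suffix are assumptions, not the project's own.

function resolve_page($p, string $baseDir): ?string
{
    // Arrays (?p[]=x) and other non-string values are rejected outright.
    if (!is_string($p)) {
        return null;
    }
    // Allowlist: 1-64 letters, digits, '_' or '-'. This excludes '/', '\',
    // '.', and NUL bytes; \A and \z anchor the whole subject.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $p) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $p . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null; // missing file, or resolved outside the page directory
    }
    return $target; // the only value that should ever reach include
}

// Constructed demo: a temporary page directory holding a single page file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', "<?php echo 'home';");

// Constructed inputs: a valid name, a traversal sequence, a NUL-byte suffix,
// a name carrying its own extension, an array value, and a missing page.
$inputs = ['home', '../outside', "home\0.jpg", 'home.php', ['x'], 'missing'];
foreach ($inputs as $in) {
    $res = resolve_page($in, $dir);
    printf("%-20s => %s\n",
        json_encode($in, JSON_UNESCAPED_SLASHES),
        $res === null ? 'rejected' : 'allowed');
}

unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```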

Exploit

An attacker can exploit this issue with a browser. The following proof-of-concept is available:

http://www.example.com/[SanyBee Gallery 0.1.1]/index.php?p=[ LFI ]%00

Classification

CWE-22 - Path Traversal

Risk level (CVSS AV:N/AC:L/Au:N/C:N/I:P/A:N)

Medium

5.0

Access Vector

  • Network

Access Complexity

  • Low

Authentication

  • None

Confidentiality Impact

  • None

Integrity Impact

  • Partial

Affected Products

Vendor: Sanybee Gallery
Product: Sanybee Gallery
Versions: 0.1.1