Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-284 | Not specified | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Not specified | High | Remote | 2005-11-16 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | 0.831049 | 0.79 |
The MG2 Image Gallery system has the ability to make create online galleries. Even password protected once. By manipulating url from a gallery, you are able to list out all pictures in every gallery. Even though they are inside a password protected folder. Sample manipulation could be: www.yoursite.com/mg2/index.php?list=*&page=all The "*" replaces the album number, showing every album. The "all" command is an option programmed in the system to view all pictures within a SINGLE gallery. Those two combined, will expose any password protected images. The system can be downloaded from: http://www.minigal.dk/ Please credit find to: Preben Nylokken
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.