Description
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
Affected products
References
- VENDOR_ADVISORYhttp://secunia.com/advisories/19026
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/24938
- EXPLOIThttps://www.exploit-db.com/exploits/1533
- MISChttp://securityreason.com/securityalert/518
- MISChttp://retrogod.altervista.org/4images_171_adv.html
- MISChttp://www.securityfocus.com/archive/1/426468/100/0/threaded
- MISChttp://www.osvdb.org/23529
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0754
- MISChttp://www.securityfocus.com/bid/16855