CVE-2009-3912

2022-10-0316:23:55

mitre

www.cve.org

security vulnerability

directory traversal

tftgallery 0.13

AI Score

6.6

Confidence

Low

EPSS

0.123

Percentile

95.5%

JSON

Directory traversal vulnerability in index.php in TFTgallery 0.13 allows remote attackers to read arbitrary files via a …%2F (encoded dot dot slash) in the album parameter.

References

packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt

secunia.com/advisories/37156

www.securityfocus.com/bid/36899