ID OSVDB:33760
Type osvdb
Reporter OSVDB
Modified 2007-02-23T06:18:52
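Description
Directory traversal vulnerability in gallery.php of XeroXer Simple one-file gallery: a remote, unauthenticated request can read arbitrary files in the context of the web server by placing .. (dot dot) sequences in the f parameter (CVE-2007-1124; CVSS 5.0, AV:N/AC:L/Au:N/C:P/I:N/A:N). In web server access logs, requests to gallery.php whose f parameter contains ../ sequences match the testing note below.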
Manual Testing Notes
/gallery.php?f=../../../../../../../../../../../../etc/passwd
References:
Related OSVDB ID: 33759
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0462.html
ISS X-Force ID: 32654
CVE-2007-1124
Bugtraq ID: 22700
{"href": "https://vulners.com/osvdb/OSVDB:33760", "history": [], "id": "OSVDB:33760", "reporter": "OSVDB", "published": "2007-02-23T06:18:52", "description": "## Manual Testing Notes\n/gallery.php?f=../../../../../../../../../../../../etc/passwd\n## References:\n[Related OSVDB ID: 33759](https://vulners.com/osvdb/OSVDB:33759)\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0462.html\nISS X-Force ID: 32654\n[CVE-2007-1124](https://vulners.com/cve/CVE-2007-1124)\nBugtraq ID: 22700\n", "title": "Simple one-file gallery gallery.php f Variable Traversal Arbitrary File Access", "lastseen": "2017-04-28T13:20:30", "bulletinFamily": "software", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "hash": "465b41dd9cabd5f02735331244e66b9437d74856ef6302edda877ccf3d201546", "references": [], "edition": 1, "cvelist": ["CVE-2007-1124"], "affectedSoftware": [], "viewCount": 0, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2017-04-28T13:20:30"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2007-1124"]}, {"type": "exploitdb", "idList": ["EDB-ID:29642"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7305"]}], "modified": "2017-04-28T13:20:30"}, "vulnersScore": 6.7}, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "472f2a90566cc4b377453f5087efea55"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "673a8ccca7f26e37e70f2842327422c3"}, {"key": "href", "hash": "f30c6df69f1c016c44942f5682a694ed"}, {"key": "modified", "hash": "9990bd84a1fc426410ab340baa950236"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "9990bd84a1fc426410ab340baa950236"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", 
"hash": "955b328dc7cd615c13af5464c9183464"}, {"key": "title", "hash": "331402891d8014079556bc3061ad2581"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "objectVersion": "1.2", "modified": "2007-02-23T06:18:52"}
{"cve": [{"lastseen": "2019-05-29T18:08:58", "bulletinFamily": "NVD", "description": "Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.", "modified": "2018-10-16T16:36:00", "id": "CVE-2007-1124", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1124", "published": "2007-02-27T02:28:00", "title": "CVE-2007-1124", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "exploitdb": [{"lastseen": "2016-02-03T10:48:04", "bulletinFamily": "exploit", "description": "Simple one-file gallery gallery.php f Parameter Traversal Arbitrary File Access. CVE-2007-1124. Webapps exploit for php platform", "modified": "2007-02-23T00:00:00", "published": "2007-02-23T00:00:00", "id": "EDB-ID:29642", "href": "https://www.exploit-db.com/exploits/29642/", "type": "exploitdb", "title": "Simple one-file gallery gallery.php f Parameter Traversal Arbitrary File Access", "sourceData": "source: http://www.securityfocus.com/bid/22700/info\r\n\r\nSimple one-file gallery is prone to multiple input-validation vulnerabilities, including a local file-include issue and a cross-site scripting issue.\r\n\r\nAn attacker can exploit these issues to steal cookie-based authentication credentials and to view and execute arbitrary local files within the context of the affected webserver. Other attacks are also possible. 
\r\n\r\nhttp://www.example.com/gallery.php?f=../../../../../../../../../../../../etc/passwd", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/29642/"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:24", "bulletinFamily": "software", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "modified": "2007-02-25T00:00:00", "published": "2007-02-25T00:00:00", "id": "SECURITYVULNS:VULN:7305", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7305", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:NONE/A:NONE/"}}]}