Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a … (dot dot) in the phpEx parameter within a modload action.
CPE | Name | Operator | Version |
---|---|---|---|
gallery | eq | 1.6 alpha3 | |
gallery | eq | 1.5.7 |