4 matches found
CVE-2026-25868
MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting XSS vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25869 MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted...
CVE-2026-25868
MiniGal Nano