2 matches found
CVE-2006-5554
CVE-2006-5554 affects Imageview 5, where a directory-traversal flaw in index.php can be triggered by a .. in the user_settings cookie. An attacker can leverage the MyFile parameter in albumview.php to upload a text/plain .gif containing PHP code, which is then executed by index.php, enabling read...
CVE-2007-2425
CVE-2007-2425 describes a directory traversal in the Imageview 5.3 product, specifically in the fileview.php component. The vulnerability enables remote attackers to read arbitrary files by supplying a .. (dot dot) sequence in the album parameter. The primary affected artifact is fileview.php wit...