2 matches found
CVE-2009-1625
The vulnerability CVE-2009-1625 affects Thickbox Gallery 2: a directory traversal in index.php allows remote attackers to include and execute arbitrary local files via .. in the ln parameter. Reported impact per CVSS: partial confidentiality, integrity, and availability with network attack vector...
CVE-2008-3859
CVE-2008-3859 affects Davlin Thickbox Gallery 2. A direct request to conf/admins.php can disclose the administrative username and MD5 password hash, constituting a partial confidentiality impact as described in the NVD entry. The provided documents do not specify a vendor patch, affected versions...