CVE-2006-6273

sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid dir parameter, which reveals the path in an error message.