2 matches found
CVE-2009-3366
CVE-2009-3366 concerns a directory traversal vulnerability in navigation.php of An Image Gallery 1.0. The issue lets remote attackers list arbitrary directories by supplying .. in the path parameter. Public sources (NVD entry) rate this with CVSSv2 base score 5.0 (NETWORK, LOW exploitability, Par...
CVE-2009-3367
CVE-2009-3367 affects the web application “An Image Gallery” <= 1.0, with multiple XSS vulnerabilities in PHP entry points. The issue allows remote attackers to inject arbitrary scripts/HTML through the path parameter to index.php and main.php, and through the show parameter to main.php. The s...