icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

i-Gallery Traversal File Access / XSS

Medium

Synopsis

The remote host is vulnerable to a Directory Traversal flaw.

Description

The remote host is running i-Gallery, a web-based photo gallery. This version of i-Gallery is vulnerable to multiple flaws. Most importantly, the application is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would only need to be able to send '../' HTTP requests to the vulnerable system. A successful attack would result in the attacker being able to download confidential files (such as password data).

Solution

Upgrade or patch according to vendor recommendations.