i-Gallery Traversal File Access / XSS
Medium Nessus Network Monitor Plugin ID 3026
SynopsisThe remote host is vulnerable to a Directory Traversal flaw.
DescriptionThe remote host is running i-Gallery, a web-based photo gallery.
This version of i-Gallery is vulnerable to multiple flaws. Most importantly, the application is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would only need to be able to send '../' HTTP requests to the vulnerable system. A successful attack would result in the attacker being able to download confidential files (such as password data).
SolutionUpgrade or patch according to vendor recommendations.