Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

i-Gallery Traversal File Access / XSS

Medium

Synopsis

The remote host is vulnerable to a Directory Traversal flaw.

Description

The remote host is running i-Gallery, a web-based photo gallery. This version of i-Gallery is vulnerable to multiple flaws. Most importantly, the application is vulnerable to a directory traversal flaw. An attacker exploiting this flaw would only need to be able to send '../' HTTP requests to the vulnerable system. A successful attack would result in the attacker being able to download confidential files (such as password data).

Solution

Upgrade or patch according to vendor recommendations.