Bharat Mediratta Gallery目录遍历漏洞

漏洞信息详情

Bharat Mediratta Gallery目录遍历漏洞

• CNNVD编号：CNNVD-200111-015
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2001-0900
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2001-11-18
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-20
  
• 厂        商：
  
  francisco_burzi
• 漏洞来源：
  This vulnerability…

Gallery before 1.2.3版本的modules.php存在目录遍历漏洞。远程攻击者可以借助include参数的..(点点)读取任意文件。

The vendor has addressed this issue in a new release.
Bharat Mediratta Gallery 1.1

• Bharat Mediratta Gallery v1.2.3
  
  http://sourceforge.net/project/showfiles.php?group_id=7130&release_id=
  62216

Bharat Mediratta Gallery 1.2

• Bharat Mediratta Gallery v1.2.3
  
  http://sourceforge.net/project/showfiles.php?group_id=7130&release_id=
  62216

Bharat Mediratta Gallery 1.2.1

• Bharat Mediratta Gallery v1.2.3
  
  http://sourceforge.net/project/showfiles.php?group_id=7130&release_id=
  62216

Bharat Mediratta Gallery 1.2.1 p1

• Bharat Mediratta Gallery v1.2.3
  
  http://sourceforge.net/project/showfiles.php?group_id=7130&release_id=
  62216

Bharat Mediratta Gallery 1.2.2

• Bharat Mediratta Gallery v1.2.3
  
  http://sourceforge.net/project/showfiles.php?group_id=7130&release_id=
  62216

来源: BUGTRAQ
名称: 20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2

来源: XF
名称: phpnuke-gallery-directory-traversal(7580)
链接:http://xforce.iss.net/xforce/xfdb/7580

来源: BID
名称: 3554
链接:http://www.securityfocus.com/bid/3554

来源: OSVDB
名称: 677
链接:http://www.osvdb.org/677