Title : Gallery "g2_itemId" Parameter Directory Traversal Vulnerability VUPEN ID : VUPEN/ADV-2005-2110 CVE ID : CVE-2005-3251
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-10-17
Technical Description
A vulnerability has been identified in Gallery, which may be exploited by remote attackers to access arbitrary files outside of the webroot directory. This flaw is due to an input validation error in the script "main.php" that does not properly filter a specially crafted "g2_itemId" parameter, which may be exploited by remote attackers to disclose the contents of arbitrary files from a vulnerable system.
