QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3210

Published: Jun 24, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20060627 Re: [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities

mailing-list

x_refsource_BUGTRAQ

rig-dirabssrc-dirabsadminsrc-xss(27257)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_BID

20060620 [MajorSecurity #18] Ralf Image Gallery <=0.7.4 - Multiple XSS, Remote File Include and directory traversal vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_OSVDB

http://rig.powerpulsar.com/#news

x_refsource_CONFIRM

rig-dirabssrc-dirabsadminsrc-file-include(27259)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_OSVDB

rig-dirabssrc-directory-traversal(27256)

vdb-entry

x_refsource_XF

vdb-entry

x_refsource_OSVDB

http://www.majorsecurity.de/advisory/major_rls18.txt

x_refsource_MISC

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.