CVE-2006-3210
CVE-2006-3210
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1942unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://rig.powerpulsar.com/#newshttp://secunia.com/advisories/20771http://securityreason.com/securityalert/1136https://exchange.xforce.ibmcloud.com/vulnerabilities/27256https://exchange.xforce.ibmcloud.com/vulnerabilities/27257https://exchange.xforce.ibmcloud.com/vulnerabilities/27259http://www.majorsecurity.de/advisory/major_rls18.txthttp://www.osvdb.org/26753http://www.osvdb.org/26754http://www.osvdb.org/26755http://www.osvdb.org/26756http://www.securityfocus.com/archive/1/437818/100/0/threaded