← back
CVE-2006-5554

CVE-2006-5554

EPSS 2.4%
Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/plain .gif file containing PHP code, which is executed by index.php.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/2647unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/22552https://www.exploit-db.com/exploits/2647http://www.securityfocus.com/bid/20731http://www.vupen.com/english/advisories/2006/4188