Directory traversal

2008-08-1419:41:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

JSON

Directory traversal vulnerability in classes/imgsize.php in Gelato 0.95 allows remote attackers to read arbitrary files via (1) a … (dot dot) and possibly (2) a full pathname in the img parameter. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
gelatocmseq0.95

CPE	Name	Operator	Version
	gelatocms	eq	0.95

References

secunia.com/advisories/31456

securityreason.com/securityalert/4154

www.securityfocus.com/bid/30672

exchange.xforce.ibmcloud.com/vulnerabilities/44416

www.exploit-db.com/exploits/6235