CVE-2007-6323 – Mms Gallery PHP 1.0 - 'id' Remote File Disclosure
https://notcve.org/view.php?id=CVE-2007-6323
Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) get_image.php or (2) get_file.php in mms_template/. Múltiples vulnerabilidades de salto de directorio en MMS Gallery PHP 1.0 permiten a atacantes remotos leer y ejecutar ficheros de su elección mediante secuencias .. (punto punto) en el parámetro id a (1) get_image.php o (2) get_file.php en mms_template/. • https://www.exploit-db.com/exploits/4728 http://osvdb.org/39148 http://osvdb.org/39149 http://secunia.com/advisories/28075 http://www.securityfocus.com/bid/26852 https://exchange.xforce.ibmcloud.com/vulnerabilities/39014 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •