Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Ralf Image Gallery Multiple PHP Remote File Inclusion and Directory Traversal Vulnerabilities
Vulnerability Description
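Ralf Image Gallery (RIG), when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in (1) the dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and (2) the dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue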
CVSS Information
N/A
Vulnerability Type
N/A