Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 and earlier, and possibly other versions before 1.3.2 Beta, allow remote attackers to (1) determine directory existence via a ".." in the album parameter in a show_album action to (a) ezgallery.php, which produces different responses depending on existence; and read arbitrary image files via a ".." in the album or (2) image parameter to (b) image.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
EZOnlineGallery Multiple Directory Traversal Vulnerabilities
Vulnerability Description
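Multiple directory traversal vulnerabilities exist in EZOnlineGallery 1.3 and earlier, and possibly in other versions before 1.3.2 Beta. A remote attacker can (1) use a ".." in the album parameter of a show_album action to (a) ezgallery.php to determine whether a directory exists, because the response differs depending on the directory's existence; and (2) use a ".." in the album parameter or in the image parameter submitted to (b) image.php to read arbitrary image files.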
CVSS Information
N/A
Vulnerability Type
N/A