Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MiniGal Nano <= 0.3.5 Path Traversal via dir Parameter
Vulnerability Description
MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
MiniGal Nano 路径遍历漏洞
Vulnerability Description
MiniGal Nano是rybber个人开发者的一个PHP相册程序。 MiniGal Nano 0.3.5及之前版本存在路径遍历漏洞,该漏洞源于index.php中dir参数存在路径遍历问题,可能导致枚举和显示来自非预期文件系统位置的图像文件。
CVSS Information
N/A
Vulnerability Type
N/A