YaPiG Password Protected Directory Access Flaw Network Vulnerability

Summary

The remote web server contains a PHP application that is prone to an information disclosure flaw. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of this software contains a flaw that can let a malicious user view images in password protected directories. Successful exploitation of this issue may allow an attacker to access unauthorized images on a vulnerable server.

Solution

Unknown at this time.

References

http://sourceforge.net/tracker/index.php?func=detail&aid=842990&group_id=93674&atid=605076
http://sourceforge.net/tracker/index.php?func=detail&aid=843736&group_id=93674&atid=605076

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Apache Tiles Multiple XSS Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
Apache Tomcat NIO Connector Denial of Service Vulnerability

Take action and discover your vulnerabilities