Summary
The remote web server contains a PHP application that is prone to an information disclosure flaw.
Description :
The remote host is running YaPiG, a web-based image gallery written in PHP.
The remote version of this software contains a flaw that can let a malicious user view images in password protected directories. Successful exploitation of this issue may allow an attacker to access unauthorized images on a vulnerable server.
Solution
Unknown at this time.
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Apache Tiles Multiple XSS Vulnerability
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Tomcat NIO Connector Denial of Service Vulnerability