CVE-2006-0899 Information

Description

Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ..\ (dot dot) sequences in the template parameter.

Reference

http://retrogod.altervista.org/4images_171_adv.html http://secunia.com/advisories/19026 http://securityreason.com/securityalert/518 http://www.osvdb.org/23529 http://www.securityfocus.com/archive/1/426468/100/0/threaded http://www.securityfocus.com/bid/16855 http://www.vupen.com/english/advisories/2006/0754 https://exchange.xforce.ibmcloud.com/vulnerabilities/24938 https://www.exploit-db.com/exploits/1533