CVE-2006-5205 Information

Description

Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php when the viewimage command in the gallery module is used.

Reference

http://secunia.com/advisories/22400 http://www.securityfocus.com/bid/20328 https://exchange.xforce.ibmcloud.com/vulnerabilities/29334 https://www.exploit-db.com/exploits/2473