CVE-2010-2334 Information

Description

Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00 as distributed before 20100618 allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.

Reference

http://osvdb.org/65479 http://secunia.com/advisories/40150 http://www.exploit-db.com/exploits/13856 http://www.yamamah.org/home/?page=39