|Date: (C)2009-01-29 (M)2017-10-04|| |
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as a vulnerability in ESPG.
|CVSS Score: 7.8||Access Vector: NETWORK|
|Exploit Score: 10.0||Access Complexity: LOW|
|Impact Score: 6.9||Authentication: NONE|
| ||Confidentiality: COMPLETE|
| ||Integrity: NONE|
| ||Availability: NONE|