YaPiG Password Protected Directory Access Flaw Network Vulnerability

Summary

The remote web server contains a PHP application that is prone to an information disclosure flaw. Description : The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of this software contains a flaw that can let a malicious user view images in password protected directories. Successful exploitation of this issue may allow an attacker to access unauthorized images on a vulnerable server.

Solution

Unknown at this time.

References

http://sourceforge.net/tracker/index.php?func=detail&aid=842990&group_id=93674&atid=605076
http://sourceforge.net/tracker/index.php?func=detail&aid=843736&group_id=93674&atid=605076

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AdaptCMS 'init.php' Remote File Include Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Rave User Information Disclosure Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability

Take action and discover your vulnerabilities