A vulnerability classified as critical has been found in PhpWebGallery 1.0/1.4.1/1.5.1 (Photo Gallery Software). Affected is an unknown code block of the file picture.php. The manipulation of the argument cat with an unknown input leads to a privileges management vulnerability. CWE is classifying the issue as CWE-269. The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. This is going to have an impact on confidentiality. CVE summarizes:

PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

The weakness was released 04/26/2006 (Website). The advisory is shared for download at secunia.com. This vulnerability is traded as CVE-2006-2041 since 04/26/2006. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.

It is declared as proof-of-concept. By approaching the search of inurl:picture.php it is possible to find vulnerable targets with Google Hacking.

Upgrading to version 1.6.0rc1 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at X-Force (26079).

Productinfo

Type

• Photo Gallery Software

Name

• PhpWebGallery

Version

• 1.0
• 1.4.1
• 1.5.1

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion