ID

VAR-200111-0007


CVE

CVE-2001-0900


TITLE

Bharat Mediratta Gallery Directory Traversal Vulnerability

Trust: 0.9

sources: BID: 3554 // CNNVD: CNNVD-200111-015

DESCRIPTION

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter. Bharat Mediratta Gallery is a free, open source web-based photo album which may be used as an add-on for the PHPNuke web portal. Due to insufficient validation of user-supplied input, it is possible to view arbitrary web-readable files via a specially crafted web request which contains '../' sequences. This issue may allow a remote attacker to gather sensitive information which may be used in directed and organized attacks against a host running the Gallery software. A remote attacker can use the .

Trust: 1.26

sources: NVD: CVE-2001-0900 // BID: 3554 // VULHUB: VHN-3707

AFFECTED PRODUCTS

vendor: francisco burzi // model: gallery // scope: lte // version: 1.2.3

Trust: 1.0

vendor: francisco burzi // model: gallery // scope: eq // version: 1.2.3

Trust: 0.6

vendor: bharat // model: mediratta gallery // scope: eq // version: 1.2.2

Trust: 0.3

vendor: bharat // model: mediratta gallery p1 // scope: eq // version: 1.2.1

Trust: 0.3

vendor: bharat // model: mediratta gallery // scope: eq // version: 1.2.1

Trust: 0.3

vendor: bharat // model: mediratta gallery // scope: eq // version: 1.2

Trust: 0.3

vendor: bharat // model: mediratta gallery // scope: eq // version: 1.1

Trust: 0.3

vendor: bharat // model: mediratta gallery // scope: ne // version: 1.2.3

Trust: 0.3

sources: BID: 3554 // CNNVD: CNNVD-200111-015 // NVD: CVE-2001-0900

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-0900
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200111-015
value: MEDIUM

Trust: 0.6

VULHUB: VHN-3707
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2001-0900
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-3707
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-3707 // CNNVD: CNNVD-200111-015 // NVD: CVE-2001-0900

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0900

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200111-015

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200111-015

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-3707

EXTERNAL IDS

db: BID // id: 3554

Trust: 2.0

db: NVD // id: CVE-2001-0900

Trust: 1.7

db: OSVDB // id: 677

Trust: 1.7

db: CNNVD // id: CNNVD-200111-015

Trust: 0.7

db: XF // id: 7580

Trust: 0.6

db: BUGTRAQ // id: 20011118 GALLERY ADDON FOR PHPNUKE REMOTE FILE VIEWING VULNERABILITY

Trust: 0.6

db: SEEBUG // id: SSVID-74993

Trust: 0.1

db: EXPLOIT-DB // id: 21157

Trust: 0.1

db: VULHUB // id: VHN-3707

Trust: 0.1

sources: VULHUB: VHN-3707 // BID: 3554 // CNNVD: CNNVD-200111-015 // NVD: CVE-2001-0900

REFERENCES

url:http://www.securityfocus.com/bid/3554

Trust: 1.7

url:http://www.osvdb.org/677

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=100619599000590&w=2

Trust: 1.1

url:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/7580

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=100619599000590&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/7580

Trust: 0.6

url:http://sourceforge.net/projects/gallery

Trust: 0.3

sources: VULHUB: VHN-3707 // BID: 3554 // CNNVD: CNNVD-200111-015 // NVD: CVE-2001-0900

CREDITS

This vulnerability was submitted to BugTraq on November 18th by Cabezon Aurelien <aurelien.cabezon@isecurelabs.com>.

Trust: 0.9

sources: BID: 3554 // CNNVD: CNNVD-200111-015

SOURCES

db: VULHUB // id: VHN-3707
db: BID // id: 3554
db: CNNVD // id: CNNVD-200111-015
db: NVD // id: CVE-2001-0900

LAST UPDATE DATE

2025-04-03T22:42:50.548000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-3707 // date: 2017-10-10T00:00:00
db: BID // id: 3554 // date: 2001-11-19T00:00:00
db: CNNVD // id: CNNVD-200111-015 // date: 2005-05-20T00:00:00
db: NVD // id: CVE-2001-0900 // date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: VULHUB // id: VHN-3707 // date: 2001-11-18T00:00:00
db: BID // id: 3554 // date: 2001-11-19T00:00:00
db: CNNVD // id: CNNVD-200111-015 // date: 2001-11-18T00:00:00
db: NVD // id: CVE-2001-0900 // date: 2001-11-18T05:00:00