MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Minigal_2 | Thomas_rybak | 0.5.1 (including) | 0.5.1 (including) |
| Minigal_2 | Thomas_rybak | b13 (including) | b13 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=113063215507210\u0026w=2
- http://secunia.com/advisories/17374/
- http://securityreason.com/securityalert/128
- http://www.securityfocus.com/bid/15235
- http://marc.info/?l=bugtraq\u0026m=113063215507210\u0026w=2
- http://secunia.com/advisories/17374/
- http://securityreason.com/securityalert/128
- http://www.securityfocus.com/bid/15235