download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jv2_folder_gallery | Joonas_viljanen | * | * |