CVE-2005-2604 : index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir an

index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.

Published 2005-08-17 04:00:00

Updated 2011-03-08 02:24:45

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2005-2604

Probability of exploitation activity in the next 30 days: 2.01%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-2604

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2005-2604

http://www.securityfocus.com/bid/14570

Exploit;Patch

CVEs referencing this url
http://secwatch.org/advisories/secwatch/20050813_Mig.txt

Exploit;Patch;Vendor Advisory

CVEs referencing this url
http://sourceforge.net/project/shownotes.php?release_id=349348

Patch

CVEs referencing this url
http://www.vupen.com/english/advisories/2005/1432

CVEs referencing this url

Products affected by CVE-2005-2604

My Image Gallery » My Image Gallery » Version: 1.4.1
cpe:2.3:a:my_image_gallery:my_image_gallery:1.4.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-2604

Exploit prediction scoring system (EPSS) score for CVE-2005-2604

CVSS scores for CVE-2005-2604

References for CVE-2005-2604

Products affected by CVE-2005-2604