VID 21664
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description YaPiG, according to its version number, has a vulnerability that allows access to password-protected directories. YaPiG (Yet Another PHP Image Gallery) is open source image gallery software written in PHP. YaPiG versions 0.92b, 0.93u, and 0.94u could allow a remote attacker to view images in password-protected directories. The HTML source generated by the application discloses the full paths to image files, resulting in unauthorized access to sensitive information. Successful exploitation of this vulnerability may allow an attacker to access unauthorized images on a vulnerable server.

* Note: This check relies solely on the version number of the YaPiG software installed on the remote Web server to assess this vulnerability, so the result might be a false positive.

* Platforms Affected:
SourceForge.net, YaPiG versions 0.92b, 0.93u, and 0.94u
Any operating system Any version
Recommendation No upgrade or patch available as of June 2014.

Upgrade to the latest version of YaPiG when a fixed version becomes available from the YaPiG home page at http://yapig.sourceforge.net/index.php
Related URL (CVE)
Related URL 14099 (SecurityFocus)
Related URL (ISS)